Best practices - Is it better to delete unused SQL accounts or just disabled them?

Question

In an enterprise environment, is it better to delete limited access SQL accounts, or simply disable them?

I would say that it strongly depends on the requirements of your "enterprise environment" — the-wabbit, Oct 21 '11 at 18:26

score 5 · Accepted Answer · answered Oct 22 '11 at 03:19

If you aren't going to be using them anymore, delete them. Disabling them will have the effect of them not being accessible but if you are truly done with them, keeping your security dialog clean and master database clean of unused/unneeded logins makes sense.

Perhaps disable them for a week or so and make sure no jobs, no processes, no apps, etc. are using them you can then remove them to clean them up...

score 0 · Answer 2 · answered Oct 21 '11 at 18:26

0

It does not really matter. SQL Server 2008 is not like SQL Server 2000 where schema/roles meant trouble.

answered Oct 21 '11 at 18:26

ADNow

152
5

Best practices - Is it better to delete unused SQL accounts or just disabled them?

2 Answers2