Denying Client-requested Trusted Connections

Regardless of the server's login security mode (integrated, mixed, or standard), ODBC and DB-Library client applications can be configured to always request a trusted (integrated security) connection from the server. This feature allows SQL Executive to connect to remote servers as long as SQL Executive is running under a properly configured Windows NT user account (one that has been granted SA access to the SQL Server).

This also allows users who have been granted SA privileges to access the SQL Server when they use a client application that is configured to force trusted connections (for example, ISQL/w). Note that the setup program, by default, automatically grants SQL Server system administrator privileges to members of the server's Administrators local group.

Because the appropriate user privilege levels must exist if the login is to succeed, logging on over client-requested trusted connections can be prevented by performing these steps:

  1. Use the Windows NT User Manager utility to create a local Windows NT user group (for example, SQLAdmins) that contains no users.
  2. Use SQL Security Manager to grant System Administrator privilege to this empty group.
  3. Use SQL Security Manager to revoke System Administrator privilege from the local Administrators group.

Note that this will restrict applications and features that use forced trusted connections (such as SQL Enterprise Manager and replication).