In SQL 2005 and 2008 there is an issue I have with adding non-DBA logins to the securityadmin role. Apart from the fact that the securityadmin has high privileges in itself, there is a loop hole you can use to get access to the SA login. Try the following:
- Create a new user sqluser.
- Issue command grant control server to sqluser.
- Logout of server and login as sqluser.
- Change the password of the SA account to something you know.
- Logout of the server and login as SA using the newly created password.
You have now effectively logged into a server as SA without having to know what the SA password was.