theSCIENTIST
Senior Member
Joined: 31 July 2003
Location: United Kingdom
Status: Offline
Points: 440
|
Topic: SQL server sa account Posted: 04 October 2004 at 8:12pm |
|
Hi all, I've been looking around for information on the sa account in SQL server, and found no answer to my questions.
My SQL Server 2000 is set in mixed mode, because it has to make use of SQL accounts, and I find in my server logs, especially in the firewall logs, that the sa account is being constantly tested with some kind of brute-force password cracker. The last log was 45MB (not to mention the SQL Server logs) just on "sa account login failed". I was wondering whether I can either delete and create another SrvAdmin account or if I can just rename the default sa account, so when these people try to crack the password next time, there won't be an sa account to crack.
Other tips and tricks on securing SQL server are appreciated.
|
|
|
 |
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
|
Posted: 04 October 2004 at 9:39pm |
|
Up to SQL Server 2000 there is no way to disable or rename the sa account or the sysadmin role. In 2005, aka Yukon, you will be able to do either. I recommend just giving the sa account an unbelievably long password with special characters etc. Then just use custom accounts.
|
|
|
 |
theSCIENTIST
Senior Member
Joined: 31 July 2003
Location: United Kingdom
Status: Offline
Points: 440
|
Posted: 05 October 2004 at 10:06am |
|
Thx michael, will do that. I gather the maximum length the password can have is 20 chars, can you or anyone else confirm that?
Humm, I might have forgotten the sa account password :(, if this is true, how can I reset it?
Thx.
|
|
|
 |
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Posted: 05 October 2004 at 11:20am |
|
Not sure about length of passwords, but to reset the sa password try logging in with a different account and try this:
UPDATE
master.dbo.syslogins
SET
password = pwdencrypt('newpassword')
WHERE
name = 'sa'
|
 |
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
|
Posted: 05 October 2004 at 11:20am |
|
No, they are not limited to 20, I think it's 255 but not 100% off hand. If you forgot the pass, just log in using Windows auth and reset it.
|
|
|
 |
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
|
Posted: 05 October 2004 at 11:22am |
Mart wrote:
Not sure about length of passwords, but to reset the sa password try logging in with a different account and try this:
UPDATE
master.dbo.syslogins
SET
password = pwdencrypt('newpassword')
WHERE
name = 'sa'
|
Don't do that. Never update sysdatabases manually.
|
|
|
 |
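The supported route the replies above point to (reset sa while logged in through Windows authentication, then run applications under custom accounts), as an added example that is not part of the thread. It uses SQL Server 2000 system procedures; `AppDb`, `app_login` and both passwords are hypothetical placeholders.

```sql
-- Run in Query Analyzer, connected with Windows authentication
-- as a member of the sysadmin role (SQL Server 2000).

-- 1. Reset sa through the supported procedure instead of writing to
--    system tables. A sysadmin may pass NULL as the old password.
--    The new password is a constructed placeholder: replace it.
EXEC master.dbo.sp_password
     @old      = NULL,
     @new      = 'REPLACE-with-a-long-random-passphrase',
     @loginame = 'sa'
GO

-- 2. Review who else holds sysadmin; every member is as powerful as sa.
EXEC master.dbo.sp_helpsrvrolemember 'sysadmin'
GO

-- 3. Find SQL logins with a blank password (Windows logins excluded,
--    since their password column is always NULL).
SELECT name
FROM   master.dbo.syslogins
WHERE  isntname = 0
  AND  password IS NULL
GO

-- 4. Give the application its own low-privilege login rather than sa.
--    'app_login' and 'AppDb' are hypothetical names.
EXEC master.dbo.sp_addlogin
     @loginame = 'app_login',
     @passwd   = 'REPLACE-with-another-long-passphrase',
     @defdb    = 'AppDb'
GO

USE AppDb
GO
EXEC sp_grantdbaccess 'app_login'
EXEC sp_addrolemember 'db_datareader', 'app_login'
EXEC sp_addrolemember 'db_datawriter', 'app_login'
GO
```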
Mart
Senior Member
Joined: 30 November 2002
Status: Offline
Points: 2304
|
Posted: 05 October 2004 at 11:32am |
lol ok
|
 |
theSCIENTIST
Senior Member
Joined: 31 July 2003
Location: United Kingdom
Status: Offline
Points: 440
|
Posted: 06 October 2004 at 5:28pm |
|
Thx, I didn't update it manually without reading more about it first, but your comments helped me to do the right thing, all sorted, thx once again.
|
|
|
 |