SQL server sa account
Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Database Discussion
Forum Description: Discussion and chat on database related topics.
URL: https://forums.webwiz.net/forum_posts.asp?TID=12041
Printed Date: 30 March 2026 at 5:57am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: SQL server sa account
Posted By: theSCIENTIST
Subject: SQL server sa account
Date Posted: 04 October 2004 at 8:12pm
|
Hi all, I've been looking around for information on the sa account in SQL server, and found no answer to my questions.
My SQL server 2000 is set in mixed mode, because it has to make use of SQL accounts, and I find in my server logs, especially in the firewall logs, that the sa account is being constantly tested with some kind of brute force password cracker, last log was 45MB (not to mention SQL server logs) just on (sa account login failed) I was wondering whether I can either delete and create another SrvAdmin account or if I can just rename the default sa account, so when this people try to crack the password next time, there won't be an sa account to crack. Other tips and tricks on securing SQL server are appreciated. ------------- :: http://www.mylittlehost.com/ - www.mylittlehost.com |
Replies:
Posted By: michael
Date Posted: 04 October 2004 at 9:39pm
|
Up to sql server 2000 there is no way to disable or rename the sa account or the sysadmin role. In 2005 aka yukon you will be able to do either. I recommend to just give the sa account a unbelievable long password with special charachters etc. Then just use custom accounts. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: theSCIENTIST
Date Posted: 05 October 2004 at 10:06am
|
Thx michael, will do that, I gather the maximum lenght the password can have are 20 chars, can you or anyone else confirm that?
Humm, I might have forgoten the sa account password :(, if this is true, how can I reset it? Thx. ------------- :: http://www.mylittlehost.com/ - www.mylittlehost.com |
Posted By: Mart
Date Posted: 05 October 2004 at 11:20am
|
Not sure about length of passwords but to reset sa password try logging in with a differant account and try this: UPDATE master.dbo.syslogins SET password = pwdencrypt('newpassword') WHERE name = 'sa' |
Posted By: michael
Date Posted: 05 October 2004 at 11:20am
|
No, they are not limited to 20, i think it's 255 but not 100% off hand. If you forgot the pass, just log in using windows auth and reset it. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: michael
Date Posted: 05 October 2004 at 11:22am
Don't do that. Never update sysdatabases manually. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Mart wrote:Posted By: Mart
Date Posted: 05 October 2004 at 11:32am
lol ok
|
Posted By: theSCIENTIST
Date Posted: 06 October 2004 at 5:28pm
|
Thx, I didn't update it manually without reading more about it first, but your coments helped me to do the right thing, all sorted, thx once again. ------------- :: http://www.mylittlehost.com/ - www.mylittlehost.com |