SQL Server Performance Forum – Threads Archive
sa password automatically changedFor some reason, the sa password in our server is being changed all the time. How can I track it? Thanks!
http://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=2218 may be is your case.
Luis Martin …Thus mathematics may be defined as the subject in which we never know what we are talking about, nor whether what we are saying is true.
Thanks for the infor. I am still not quite sure how it happened. 1. I have changed the password.
2. The password is changed very often. I have already reset it 3 times recently.
To reset it, you need to know it, if its being changed then how are finding out what the new one is? How often is often?
Make sure no code is playing with this part, securing SA’s password is most important task in a DBA life. You should confirm what kind of monitoring you;ve and able to find the change in the password. _________
Also, take a look at the sproc from sp_password — someone may have compromised it and is logging any password changes you make (allowing them to know the sa password so they can change it again in the future)
The date on the sproc should be the same as the majority of the other system created sprocs in master (depends on your version). Still, if its changing, how are you tracking that its being changed? How do you know what it was changed to so that you can change it back?
The first time I noticed the password changed was while I tried to log in with sa to test my connection. I failed to log in, so I reset it back. That was about a month ago. After that, I tested the password once in a while. So far, I have reset it 3 times. I usually do not use the sa login as I made my NT login System Administrators. Becuase I am System Administrators, I can reset the sa password anytime without knowing what it was before.
Right in that case monitor the activity using PROFILER for SA activities, watch closely for all the transactions and checkup the difference. _________