sa User | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

sa User

Is there any way to protect ‘sa’ user, so nobody can change the password of sa.
Surendra Kalekar
Don’t you trust your admins? [<img src=’/community/emoticons/emotion-5.gif’ alt=’;)‘ />]<br /><br />–<br />Frank Kalis<br />Microsoft SQL Server MVP<br /<a target="_blank" href=http://www.insidesql.de>http://www.insidesql.de</a><br />Ich unterstütze PASS Deutschland e.V. <a target="_blank" href=http://www.sqlpass.de>http://www.sqlpass.de</a>) <br />
Too many admins can cause a security threat…. The only way is to monitor the events specifically from SYSADMIN group. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
<blockquote id="quote"><font size="1" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote"><br />Too many admins can cause a security threat….<br /><hr height="1" noshade id="quote"></font id="quote"></blockquote id="quote"><br />Too many <b>self-declared so-called</b> admins can cause a security threat…. [<img src=’/community/emoticons/emotion-2.gif’ alt=’:D‘ />]<br /><br /><br />–<br />Frank Kalis<br />Microsoft SQL Server MVP<br /<a target="_blank" href=http://www.insidesql.de>http://www.insidesql.de</a><br />Ich unterstütze PASS Deutschland e.V. <a target="_blank" href=http://www.sqlpass.de>http://www.sqlpass.de</a>) <br />
how many of your staff are using sa password. seems to be lot.
Why can’t you assign them other user name of their own!!
I am agree with Dinesh, as too many users are using SA credential its better if you create seprate logins with appropriate privillage and assign them to each person who require members. this is the best practice i think.<br /><br /><br />[<img src=’/community/emoticons/emotion-1.gif’ alt=’:)‘ />]<br />Regards.<br /><br />hsGoswami<br />[email protected]
Or else have a control on the file where you store the passwords. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
Thanks everybody for your suggestions.
We have one user for each group. We don#%92t have individual user logins. Few days before, in my absence one of our developer had change the password of sa and he couldn#%92t set back to original password.
This is the case… and to avoid it I asked you all Guru#%92s the solutions on it. I will definitely try out some solution and will let you know.
Thanks once again. Surendra Kalekar
It is similar to our setup and in this case you must have a change control in order to perform such admin activities. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
]]>