August 7, 2015 at 1:28 pm
I was asked to help with a problem earlier today. One of my co-workers was hardening a stand-alone SQL 2008 install on a laptop, but was having some issues.
Well, it looked like someone who worked on it before him had removed *ALL* users except SA from the SysAdmin server role, AND had disabled SA. So, since we could'nt log in as SA (also didn't help no knew the password,) couldn't add ourselves to Sysadmin, I thought *maybe* we could sneak in through the DAC and re-enable SA.
Which, leaving aside the fact that it needed the SA password (turns out whoever set it up originally didn't record it apparently...) my question is, would this have worked?
Even with SA set to disabled, would we have been able to get in via the DAC? I've done some quick googling for this, but mostly I'm finding "what can you do with the DAC" sort of postings...
August 7, 2015 at 1:33 pm
Looks like I was trying to do this the hard way, I should've just set the SQL Server service to start with -m, and made sure the other services didn't start...
August 7, 2015 at 1:34 pm
Jason i know i inherited a ton of servers, where noone was still around to add users as sys admin, or there was no admin at all.
I've got several scripts(powershell, bat files, another something that calls psexec and sqlcmd as a system account) that i can use add myself to a sysadmin instance i have local control over. some require stopping and starting the services in single user, some don't, depending on what i can use.
it's very easy to just blast through the install clicking next...next...next, and forget to add yourself to a SQL instance as an admin; I've done it myself!
so its also possible that the permissions were not removed, but never added to begin with.
Lowell
August 8, 2015 at 7:33 am
Lowell I'm rather glad that I didn't have a hand in this install, and thankfully, other then putting the timeframe for what they were doing back by a day or so it wasn't anything critical...
I guess that's what happens when a non-SQL person goes to install SQL. It's really easy to miss something like that, then you're either back at square one, searching the internet, or calling for help...
August 8, 2015 at 10:47 am
jasona.work (8/8/2015)
I guess that's what happens when a non-SQL person goes to install SQL.
You said a mouthful there. I just went through all of that. New Dev and Staging servers were supposed to be installed using the Developer's Edition. What did this one person do? Installed the Evaluation Edition. Yeeeehaaaa! I won't even bring up the mess this one person made when it came to which drives things were supposed to be installed on according to the written spec that he didn't follow.
--Jeff Moden
Change is inevitable... Change for the better is not.
August 8, 2015 at 1:00 pm
Heh, Jeff, I feel your pain...
At least in this case, I wasn't going to be responsible for managing this install, I was just called in to try to help get them going on hardening the install...
Which, someone apparently did start, but poorly...
August 8, 2015 at 2:30 pm
Jeff Moden (8/8/2015)
jasona.work (8/8/2015)
I guess that's what happens when a non-SQL person goes to install SQL.You said a mouthful there. I just went through all of that. New Dev and Staging servers were supposed to be installed using the Developer's Edition. What did this one person do? Installed the Evaluation Edition. Yeeeehaaaa! I won't even bring up the mess this one person made when it came to which drives things were supposed to be installed on according to the written spec that he didn't follow.
Now that is a mouthful there. I have seen that far too often. Sadly, for those people it never changes. They continue to do things their way.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply