The other day I was trying to help someone that had removed the BUILTIN/Administrators logins from their instance without first setting up another user/group as sysadmin. Actually I wasn’t helping. I was telling them that finding the media would be a good move to prepare for the reinstallation.
Then someone posted a note that if you start SQL Server in single user mode, then you can connect with the administrator account and get sysadmin access. It’s true and there’s a BOL entry about this: Troubleshooting: Connecting to SQL Server When System Administrators Are Locked Out
I was surprised that this was the case. If you get locked out on your Windows machine, you’re basically done. There are a few password cracker programs, but the reality should be that if you don’t have the administrator password, and you don’t have any administrator groups define, you should not get in. Sucks if it happens, but that’s strong security.
Why is it different with SQL Server? If someone can log on as “administrator” and start SQL Server in single user mode, then they have access to all your data. I know you should trust your admins, but typically we have separation of duties, and the Exchange administrator should not necessarily be poking around in SQL Server.
On top of that, “administrator” is a generic login. Your auditing won’t tell you who connected.
I think this is a problem, and I actually need to write an editorial on this. It’s a hole that I think deserves to be removed.
