May 6, 2026 at 6:43 am
Hi to all
We have situation at a client where someone is illegally changing passwords, reactivating sa user etc with a 3rd part tool. Does anyone know of any way to stop password updates.
Note we this guy is stopping sql agent services and auditing while he does whatever he does, so he causing some problems and resetting password on a daily basis for us. Any help or advice would appreciated
May 6, 2026 at 6:50 am
review all permissions on server and remove any that can be used to change those settings - including possibility of changing SQL Agent jobs (or the SP's they execute) to do that.
Ensure user also has no local admin access to that server as this can also be used to enter the instance through the backdoor.
if he is a DBA then he should be removed from company
May 6, 2026 at 7:33 am
This user seems to be using the 3rd party tool from another server. Somehow accessing the actual master.mdf file from another server. The problem is we have no idea who this person is, it could be one of there client domain admins. It is tricky as a third party provider to find a solution. We already have limited Rdp access to only 3 users
May 6, 2026 at 7:46 am
use a extended event trace to see who/when/how its being done - and if the other server account has sysadmin access to this one, remove it and grant only required minimum access to do whatever it needs (if any at all).
Master.mdf can't be accessed like that - all is done through normal sql. or else the whole server would be a mess
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply