Hi all, I have a query which originated from external auditors ...
They wanted to know when alst the sa account was used (i'm using the login_time field) from the below quer
SELECT MAX(login_time) AS [Last Login Time], login_name [Login]
FROM sys.dm_exec_sessions FROM sys.dm_exec_sessions
GROUP BY login_name; GROUP BY login_name;
the sa account seems to update roughly every 2 minutes, I want to know is this an internal process or is it being used?
I already changed the password and no one complained so it confirmed to me that no one is using or knows the password. there are no login failed messages in our error log as well.
This is why i suspect it is an internal process of some sort. I basically need to give the auditors a valid reason. I haven't found anything on the net as of yet.
I ran a sql trace as well and it doesn't pickup the sa account being used with the audit login or audit logout fields.
Do any of you guys know perhaps?
The above results show that the session id from 1 - 40 using the sa account login.
The cmd's being used for session_id 1 - 40 are The cmd's being used for session_id 1 - 40 are
LOG WRITER, RECOVERY WRITER, LAZY WRITER, LOCK MONITOR, SIGNAL HANDLER, RESOURCE MONITOR, ect
These are sql internal commands which the sa uses and seems to be the reason why the login_time filed updates regularly, when these commands are triggered ...
If anyone has something to add please shoot.
MCITP: Database Administrator 2005
MCTS DBA 2008
MCSA DBA 2014