Yep, it's definitely not advisable, but various people in management have their own SA-level accounts attached to the server, and then there's the main SA-level account for management. Not advisable, but it's what the vendor software we're using does, and it's certainly not the pinnacle of good design 🙁

I'm not exactly tasked with security here, unfortunately, and my advice regarding the (in)security of the system has largely been met with apathy. Now, that apathy is starting to extend my questioning of other, non-IT personnel doing as they please on the servers, and, well, it's going poorly.

I kinda figured there wouldn't be a handy way to just knock this out, and that confirms it. Ah well... I can try to wrangle with this problem in whatever way I have to, even if I'd rather it didn't come to scuffling like this.

Thank you for the information, though! That at least lets me refocus my effort to other, possibly more productive avenues 🙂