Hi - If I understand your question you are trying to find out if you can identify who is using the 'sa' account and from where.

There is a solution out there but I can't post this on this thread since it could be considered advertising. Please contact me (hroggero001@hotmail.com) and I can provide you with the company name/product that achieves what you are looking for.

The solution will allow you to:

> Block the use of 'sa' from any machine outside of the database server itself and the GP box

> Log all attempts to use the 'sa' account from anywhere along with the IP address

> Use 2-factor authentication (extreme case) if you want to know who is actually using 'sa' and from which IP/MAC address

> Ensure that 'sa' is only usable by GP and not Query Analyzer

Regards,

Herve