• Here's a VBScript to check for SA accounts with no password or a password of "SA". Found base code on a Microsoft newsgroup and modified it slightly. This is limited to searching a subnet but came in very handy recently. Save code as AUDITSA.VBS, then execute using the following:

    CSCRIPT AUDITSA.VBS > SRVLIST.TXT

    This creates a text file (SRVLIST.TXT) that identifies the servers at risk...

    Contents of AUDITSA.VBS:

    ------------------------

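    'Audit subnet for servers whose "sa" login has a blank password or the
    'password "sa".
    '
    'The server list comes from SQL-DMO's ListAvailableSQLServers, so SQL-DMO has
    'to be installed on the machine running the script, and only servers it can
    'discover are checked. Results are written with WScript.Echo; the script reads
    'no command-line arguments, so redirect standard output to keep a report.
    '
    'Operational notes:
    ' - Each probe is a real SQL-authentication login attempt as "sa"; targets
    '   with failed-login auditing enabled will presumably record them.
    ' - The report names servers with guessable administrator credentials, so
    '   store it accordingly. Remediate each finding by setting a strong sa
    '   password or switching the server to Windows-only authentication.

    Dim oApp, oServer, oNames, oName
    Dim oTotalSvr, oTotalBlank, oTotalSA
    Dim bConnected

    oTotalSvr = 0
    oTotalBlank = 0
    oTotalSA = 0

    Set oApp = CreateObject("SQLDMO.Application")
    Set oNames = oApp.ListAvailableSQLServers()

    'From here on a failed call sets Err instead of stopping the script. A failed
    'Connect is the expected outcome for a server that is not at risk.
    On Error Resume Next

    For Each oName In oNames
        Set oServer = CreateObject("SQLDmo.SqlServer")
        oTotalSvr = oTotalSvr + 1
        oServer.LoginSecure = False     'use SQL authentication, not the caller's Windows identity
        oServer.LoginTimeout = 30
        bConnected = False

        'Probe 1: blank password.
        Err.Clear
        oServer.Connect oName, "sa", ""
        If Err.Number = 0 Then
            bConnected = True
            WScript.Echo "!!!Server " & oName & " has a blank sa password"
            WScript.Echo oServer.VersionString
            WScript.Echo ""
            oTotalBlank = oTotalBlank + 1
        Else
            'Probe 2: password "sa". Err is not reset by a call that succeeds, so
            'it must be cleared first; otherwise the stale error from probe 1
            'hides a successful login and this finding is never reported.
            Err.Clear
            oServer.Connect oName, "sa", "sa"
            If Err.Number = 0 Then
                bConnected = True
                WScript.Echo "!!!Server " & oName & " has a sa password equal to SA"
                WScript.Echo oServer.VersionString
                WScript.Echo ""
                oTotalSA = oTotalSA + 1
            End If
        End If

        'Only close a session that was actually opened.
        If bConnected Then oServer.DisConnect
        Set oServer = Nothing
        Err.Clear
    Next

    Wscript.Echo "Total Servers Checked: " & oTotalSvr
    Wscript.Echo "Total Servers w/Blank Password: " & oTotalBlank
    Wscript.Echo "Total Servers w/Password of SA: " & oTotalSA

    oApp.Quit
    Set oApp = Nothing
    Wscript.Quit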