Here's a VBScript to check for SA accounts with no password or a password of "SA". Found base code on a Microsoft newsgroup and modified it slightly. This is limited to searching a subnet but came in very handy recently. Save code as AUDITSA.VBS, then execute using the following:
CSCRIPT AUDITSA.VBS > SRVLIST.TXT
This creates a text file (SRVLIST.TXT) that identifies the servers at risk...
Contents of AUDITSA.VBS:
------------------------
'Audit subnet for servers with a blank sa password or an sa password of "sa"
Dim oApp
Dim oServer
Dim oNames
Dim oName
Dim oTotalSvr
Dim oTotalBlank
Dim oTotalSA

oTotalSvr = 0
oTotalBlank = 0
oTotalSA = 0

'Enumerate the SQL Servers that SQL-DMO can discover on the subnet
Set oApp = CreateObject("SQLDMO.Application")
Set oNames = oApp.ListAvailableSQLServers()

'A failed login raises an error; test Err.Number after each attempt instead of aborting
On Error Resume Next

For Each oName In oNames
    Set oServer = CreateObject("SQLDMO.SQLServer")
    oTotalSvr = oTotalSvr + 1
    oServer.LoginSecure = False    'Use SQL Server authentication, not Windows authentication
    oServer.LoginTimeout = 30

    'First attempt: sa with a blank password
    Err.Clear
    oServer.Connect oName, "sa", ""
    If Err.Number = 0 Then
        WScript.Echo "!!!Server " & oName & " has a blank sa password"
        WScript.Echo oServer.VersionString
        WScript.Echo ""
        oTotalBlank = oTotalBlank + 1
    Else
        'Err is not reset by a later successful call, so clear it
        'before the second attempt or a successful login is never reported
        Err.Clear
        oServer.Connect oName, "sa", "sa"
        If Err.Number = 0 Then
            WScript.Echo "!!!Server " & oName & " has a sa password equal to SA"
            WScript.Echo oServer.VersionString
            WScript.Echo ""
            oTotalSA = oTotalSA + 1
        End If
    End If

    'DisConnect raises an error if neither login succeeded; it is ignored and cleared
    oServer.DisConnect
    Set oServer = Nothing
    Err.Clear
Next

'Summary totals
WScript.Echo "Total Servers Checked: " & oTotalSvr
WScript.Echo "Total Servers w/Blank Password: " & oTotalBlank
WScript.Echo "Total Servers w/Password of SA: " & oTotalSA

oApp.Quit
Set oApp = Nothing
WScript.Quit