SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


sa removal


sa removal

Author
Message
Mscode_Pro
Mscode_Pro
Old Hand
Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)Old Hand (318 reputation)

Group: General Forum Members
Points: 318 Visits: 215
Smile hello professionals, i think it is a lecture for soft skills. lol

YoU CaN't LoSe WhAt YoU NeVeR HaDWink
Manoj-485464
Manoj-485464
UDP Broadcaster
UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)UDP Broadcaster (1.4K reputation)

Group: General Forum Members
Points: 1437 Visits: 130
You Should not be able to Delete SA login from the server, But you could be able to DISABLE the SA account from the server.

Manoj

MCP, MCTS (GDBA/EDA)

Stacey
Stacey
SSC Eights!
SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)

Group: General Forum Members
Points: 888 Visits: 161
My approach to being a DBA is that I am here to protect the companies data. These to me means that no one ever uses the sa account on any system that I managed. I told this to the management team before I was hired.

As the DBA you are not always popular. You are there to protect the money, which is exactly what information in a companies database is.

Take the hard line of changing the password, then rename sa to something else (good security practise anyway), any only use that account in an emergency. Limit right on databases to only what is required and even question that access.

If you do not protect the data and something happens to it, you are the one that is in trouble. Take the hard line, and in the log run you and your company will be better off for it.


Stacey W. A. Gregerson

Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)

Group: General Forum Members
Points: 505026 Visits: 44239
Manoj (6/3/2008)
You Should not be able to Delete SA login from the server, But you could be able to DISABLE the SA account from the server.


Cool... how would you go about doing that?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)

Group: General Forum Members
Points: 505026 Visits: 44239
gregers65 (6/23/2008)
My approach to being a DBA is that I am here to protect the companies data. These to me means that no one ever uses the sa account on any system that I managed. I told this to the management team before I was hired.

As the DBA you are not always popular. You are there to protect the money, which is exactly what information in a companies database is.

Take the hard line of changing the password, then rename sa to something else (good security practise anyway), any only use that account in an emergency. Limit right on databases to only what is required and even question that access.

If you do not protect the data and something happens to it, you are the one that is in trouble. Take the hard line, and in the log run you and your company will be better off for it.


I absolutely agree there... Protect the data at all costs. If they don't agree, then maybe it's to start looking for a company that actually knows what a DBA is supposed to do.

Shifting gears... I've never tried renaming SA to something else... how would you do it?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Stacey
Stacey
SSC Eights!
SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)SSC Eights! (888 reputation)

Group: General Forum Members
Points: 888 Visits: 161
Example:

ALTER LOGIN sa WITH NAME = peanutbuttercup

Available with 2005


Stacey W. A. Gregerson

Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)SSC Guru (505K reputation)

Group: General Forum Members
Points: 505026 Visits: 44239
Heh... Embarassingly simple. Thanks Stacey.

Mobasha... that's gotta be as good as deleting SA... still, your users are going to know that you can give SA privs to any login... I'm still thinking that this is a lost cause and you and your managers just need to tell folks, "No". Smile

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
steveb.
steveb.
One Orange Chip
One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)One Orange Chip (25K reputation)

Group: General Forum Members
Points: 25366 Visits: 7195
Just say NO.

you wouldn't expect the sys admin to give everyone full access to the AD.
egementanirer
egementanirer
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 15
Solution
Please try the link below;

http://egementanirer.blogspot.com/2014/01/removing-sysadmin-roles-from-sa-user.html
GilaMonster
GilaMonster
SSC Guru
SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)SSC Guru (546K reputation)

Group: General Forum Members
Points: 546818 Visits: 47732
Please note: 5 year old thread.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum








































































































































































SQLServerCentral


Search