SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


sa removal


sa removal

Author
Message
Mscode_Pro
Mscode_Pro
Valued Member
Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)Valued Member (52 reputation)

Group: General Forum Members
Points: 52 Visits: 215
Smile hello professionals, i think it is a lecture for soft skills. lol

YoU CaN't LoSe WhAt YoU NeVeR HaDWink
Manoj-485464
Manoj-485464
SSC Veteran
SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)SSC Veteran (259 reputation)

Group: General Forum Members
Points: 259 Visits: 130
You Should not be able to Delete SA login from the server, But you could be able to DISABLE the SA account from the server.

Manoj

MCP, MCTS (GDBA/EDA)

Stacey
Stacey
SSC Veteran
SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)

Group: General Forum Members
Points: 256 Visits: 161
My approach to being a DBA is that I am here to protect the companies data. These to me means that no one ever uses the sa account on any system that I managed. I told this to the management team before I was hired.

As the DBA you are not always popular. You are there to protect the money, which is exactly what information in a companies database is.

Take the hard line of changing the password, then rename sa to something else (good security practise anyway), any only use that account in an emergency. Limit right on databases to only what is required and even question that access.

If you do not protect the data and something happens to it, you are the one that is in trouble. Take the hard line, and in the log run you and your company will be better off for it.


Stacey W. A. Gregerson

Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: General Forum Members
Points: 87384 Visits: 41113
Manoj (6/3/2008)
You Should not be able to Delete SA login from the server, But you could be able to DISABLE the SA account from the server.


Cool... how would you go about doing that?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: General Forum Members
Points: 87384 Visits: 41113
gregers65 (6/23/2008)
My approach to being a DBA is that I am here to protect the companies data. These to me means that no one ever uses the sa account on any system that I managed. I told this to the management team before I was hired.

As the DBA you are not always popular. You are there to protect the money, which is exactly what information in a companies database is.

Take the hard line of changing the password, then rename sa to something else (good security practise anyway), any only use that account in an emergency. Limit right on databases to only what is required and even question that access.

If you do not protect the data and something happens to it, you are the one that is in trouble. Take the hard line, and in the log run you and your company will be better off for it.


I absolutely agree there... Protect the data at all costs. If they don't agree, then maybe it's to start looking for a company that actually knows what a DBA is supposed to do.

Shifting gears... I've never tried renaming SA to something else... how would you do it?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Stacey
Stacey
SSC Veteran
SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)SSC Veteran (256 reputation)

Group: General Forum Members
Points: 256 Visits: 161
Example:

ALTER LOGIN sa WITH NAME = peanutbuttercup

Available with 2005


Stacey W. A. Gregerson

Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: General Forum Members
Points: 87384 Visits: 41113
Heh... Embarassingly simple. Thanks Stacey.

Mobasha... that's gotta be as good as deleting SA... still, your users are going to know that you can give SA privs to any login... I'm still thinking that this is a lost cause and you and your managers just need to tell folks, "No". Smile

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
steveb.
steveb.
SSCarpal Tunnel
SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)

Group: General Forum Members
Points: 4440 Visits: 7195
Just say NO.

you wouldn't expect the sys admin to give everyone full access to the AD.
egementanirer
egementanirer
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 15
Solution
Please try the link below;

http://egementanirer.blogspot.com/2014/01/removing-sysadmin-roles-from-sa-user.html
GilaMonster
GilaMonster
SSC Guru
SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)

Group: General Forum Members
Points: 88407 Visits: 45283
Please note: 5 year old thread.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search