January 21, 2011 at 11:01 am
Hello:
To make a long story short, our IT director left. We do not know the password for the sa login.
But we do have one extra userid/password with some admin priviledges that our apps and reports use. So far we have been living ok with that.
Plus we have some windows users being able to login via windows authentication.
Unfortunately, I don't think we can go on everyday without finding that password.
Any help is appreciated.
We use SQL server 2005 ( We are a healthcare Company )
January 21, 2011 at 11:07 am
If you have an admin login, you can reset the sa password to whatever you like. There's no "getting it back".
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
January 21, 2011 at 11:10 am
How would I do that ?
January 21, 2011 at 11:12 am
Login with windows admin account and simply change the password of sa.
January 21, 2011 at 11:20 am
Can you give some details here.
Ok, so I get into SQL Server Managerment Studio and then ???
Open a new quesry window and type a command ??
I need some clarity here. Not sure where to go or click ?
January 21, 2011 at 11:25 am
SSMS
open your server with windows account
security
logins
double-click on sa
general
type in the new password, confirm and hit ok
January 21, 2011 at 1:25 pm
As long as you have at least one user with sysadmin privileges that can login to that instance, then you do not need to know the sa password.
In fact, you shouldn't ever need the sa login or password and you shouldn't use that account for anything.
By default, there is a group added to SQL Server called BUILTIN\Administrators. If that group has not been changed (remove sysadmin right) or deleted then anybody who is a local administrator on the machine hosting that instance of SQL Server will have sysadmin rights.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
January 21, 2011 at 2:09 pm
Jeffrey Williams-493691 (1/21/2011)
As long as you have at least one user with sysadmin privileges that can login to that instance, then you do not need to know the sa password.In fact, you shouldn't ever need the sa login or password and you shouldn't use that account for anything.
By default, there is a group added to SQL Server called BUILTIN\Administrators. If that group has not been changed (remove sysadmin right) or deleted then anybody who is a local administrator on the machine hosting that instance of SQL Server will have sysadmin rights.
That's true enough, but if a prior employee knows the sa password, you need to change it anyway.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
January 21, 2011 at 2:29 pm
I would recommend not using that username for anything. In my installations we set the password to some random value that the users don't know, even the DBA usually doesn't. The password is stored just in case but can be changed at ANY time with no worries.
I have taken the position that any use of the sa user is disallowed and if your code breaks because you were doing it is not our problem. This is one of the few hard lines I take and do not waver on it.
CEWII
January 21, 2011 at 2:44 pm
Well, there are unfortunately ways of seeing the password in clear text if any of the following are true:
Applications connect to the server using SA
Anybody connects to the server using SA
SQL Server stores SQLAuth passwords in cleartext in memory and there are apps on the market that allow you to view the password in memory while a connection is open.
http://www.sentrigo.com/passwords
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
January 21, 2011 at 4:56 pm
Elliott Whitlow (1/21/2011)
I would recommend not using that username for anything. In my installations we set the password to some random value that the users don't know, even the DBA usually doesn't. The password is stored just in case but can be changed at ANY time with no worries.I have taken the position that any use of the sa user is disallowed and if your code breaks because you were doing it is not our problem. This is one of the few hard lines I take and do not waver on it.
CEWII
I also take a hard line on this - and generally, nobody knows the password. I use a password generator to generate a 20-character strong password, install and configure SQL Server and store that password in a keypass safe.
I have had to bend a couple of times, because there were just too many places for that application where it was used. But, as soon as I can get that changed and updated everywhere it is no longer used.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
January 24, 2011 at 6:51 am
All right,
Now that secutity is an issue, I need help on the following:
1. Need to create a user
2. The user should only have read priviledges.
3. Be able to execute a stored procedure
( To make a long story short this is what the stored proc does:
The stored proc will insert a bunch of records to a table and then execute one final select statement. )
I am going to use this user for an application.
January 24, 2011 at 6:54 am
Could you please post the new question in a new thread? Thanks
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 13 posts - 1 through 12 (of 12 total)
You must be logged in to reply to this topic. Login to reply