May 31, 2013 at 4:47 am
Hi
I have been tasked with 'the removal of the sa account in any environment'
I have ran sp_blitz and it has come back with some helpful info.
The results show a number of Dev's who currently have sysadmin level privilages and other logins such as 'replicationmaster', 'sqlserveragent','mssqlserver' with sysadmin. If i disable the sa account this will not effect these logins will it ? Therefore what is the difference between the actual sa account and logins that are assigned into the sysadmins - which is the same as the sa right ?
May 31, 2013 at 4:55 am
PearlJammer1 (5/31/2013)
If i disable the sa account this will not effect these logins will it ?
No.
Therefore what is the difference between the actual sa account and logins that are assigned into the sysadmins?
None, other than that 'sa' is a known account name.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 31, 2013 at 4:57 am
Having the sysadmin server role means you can do anything on the SQL Server, so I would treat it as being the same as the 'sa' account. You'll also want to check out the serveradmin server role.
As for removal of the sa account, don't drop the account. If you do, you'll run into problems if you ever want to upgrade. I've disabled them in my environments.
May 31, 2013 at 5:31 am
No I definately wont drop the account I will just disable and rename it i think is the best practice.
Is there a way to see if the sa account is the owner of any jobs that may run on the server - beacsue if i disable it then the jobs wont run ? (other than by manually checking the properties of each job on each instance !!)
Thanks
May 31, 2013 at 5:43 am
This will give you the jobs owned by sa:
select j.name, l.loginname
from msdb.dbo.sysjobs j
inner join syslogins l on j.owner_sid = l.sid
where l.loginname = 'sa'
order by j.name;
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply