SA password change
-
Hi, I hope someone can help. The SA password on one of my servers has been changed by an unknow party. Is it possible to prevent the SA password being changed and/or to monitor and record who is making the change. Can the person who changed to password be identified restrospectivley?
-
Might be able to with Log Explorer if you have the logs (www.lumigent.com)
Steve Jones
-
Prevent maybe nop but I've remeber my self editing sp_password, so I can log some accounts changes.
From this point I better take the 5th
quote:
Hi, I hope someone can help. The SA password on one of my servers has been changed by an unknow party. Is it possible to prevent the SA password being changed and/or to monitor and record who is making the change. Can the person who changed to password be identified restrospectivley? -
--you can track pwd changes using trace,such as
declare @on bit,@p1 int
select @on = 1
set @P1=1
exec sp_trace_create @P1 output, 1, NULL, NULL, NULL
exec master..sp_trace_setevent @p1, 107, 1, @on -- textdata
exec master..sp_trace_setevent @p1, 107, 6, @on -- ntusername
exec master..sp_trace_setevent @p1, 107, 8, @on -- hostname
exec master..sp_trace_setevent @p1, 107, 10, @on -- appname
exec master..sp_trace_setevent @p1, 107, 11, @on -- sqlusername
exec master..sp_trace_setevent @p1, 107, 14, @on -- startdate
exec master..sp_trace_setstatus @p1, 1
-- you can get data using sp_trace_getdata
-
course you have to have the trace running. If you want to do this, set this up in a stored procedure, mark as a startup procedure, and then monitor and archive or delete this information over time. Probably need some weekly job to do this.
Steve Jones
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply