January 10, 2008 at 10:01 am
After reading through many of your articles I know this question will make many of you cringe and I apologize for that.
I have come into a small IT shop that has roughly 10 separate servers with MS SQL Server 2000. When the Network Admin set up the servers over the last 5 years they always installed SA with no password. I am trying to figure out the best way to rectify this. Can this password be changed without impacting the applications or do I need to call each and every application's tech support line to figure this out?
This problem came to light when one of our power users wanted to update the SQL database on the website. They wanted SQL Server Enterprise Manager (not sure this is really the tool they would need so any recommendations would be welcomed) and the Network Admin explained to me that the security was lacking.
Thanks in advance.
January 10, 2008 at 10:21 am
I would
1. Send an email to those using the database inquiring if they are using the sa password for connection to the database. Advise them that the password will be changed in a couple of days.
2. I would then turn on the security audit for all on the SQL Server, to check the connections which are being made to the database. Monitor for a couple of days. Ensure that no one is connecting using sa.
3. If they are using the sa account, create a new account with only the necessary permissions, and give them that account.
4. Change the sa account, and prevent anyone from accessing the server with it. If there are any issues, the users will scream, and you can either re-enable if the login is hard coded in an application, or give them a new account with only the necessary permissions (second option recommended).
January 10, 2008 at 10:25 am
It depends whether the apps are connecting using the sa account, or if they have their own accounts.
In your favourite querying tool
select * from sysprocesses where spid>50 --(the where is because spids less than 50 are system connections)
If you see any with a login name of sa, then you've got some fun ahead of you. Personally, I'd just change the sa password. But that's just me.
p.s. SQL 2000 questions in the SQL 2000 forums please. People tend to assume anything in the 2005 forums is about 2005, and may offer you suggestions that won't work on an earlier version.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
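The sysprocesses check above only shows who is connected at the moment it runs. The following is an added example, not code from anyone in this thread, that repeats the check over the monitoring window suggested earlier and records which hosts and programs log in as sa. The table name dbo.sa_connection_log is hypothetical.

```sql
-- Added example (not from the thread). Targets SQL Server 2000 system tables.
-- dbo.sa_connection_log is a hypothetical table name; create it in an admin
-- database of your choice and run the INSERT batch on a schedule (for
-- example a SQL Server Agent job every few minutes) while monitoring.

IF OBJECT_ID('dbo.sa_connection_log') IS NULL
    CREATE TABLE dbo.sa_connection_log (
        captured_at   datetime      NOT NULL DEFAULT (GETDATE()),
        hostname      nvarchar(128) NOT NULL,
        program_name  nvarchar(128) NOT NULL,
        database_name nvarchar(128) NULL,
        nt_username   nvarchar(128) NOT NULL,
        login_time    datetime      NOT NULL
    )
GO

-- Snapshot current user connections (spid > 50) that are logged in as sa.
-- sysprocesses columns are fixed-width nchar, so trim the padding.
-- host + program + login_time identifies a session, so each is logged once.
INSERT INTO dbo.sa_connection_log
        (hostname, program_name, database_name, nt_username, login_time)
SELECT DISTINCT
       RTRIM(p.hostname), RTRIM(p.program_name), DB_NAME(p.dbid),
       RTRIM(p.nt_username), p.login_time
FROM   master.dbo.sysprocesses p
WHERE  p.spid > 50
  AND  p.loginame = 'sa'
  AND  NOT EXISTS (SELECT 1
                   FROM   dbo.sa_connection_log l
                   WHERE  l.hostname     = RTRIM(p.hostname)
                     AND  l.program_name = RTRIM(p.program_name)
                     AND  l.login_time   = p.login_time)
GO

-- Report: the machines and applications that depend on the sa login.
SELECT hostname, program_name, database_name,
       COUNT(*)        AS sessions_seen,
       MIN(login_time) AS first_login,
       MAX(login_time) AS last_login
FROM   dbo.sa_connection_log
GROUP  BY hostname, program_name, database_name
ORDER  BY last_login DESC
```

Polling misses connections that open and close between runs, so the login auditing suggested in the earlier reply remains the complete record. An empty report after the monitoring window means no polled snapshot caught an application using sa.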
January 10, 2008 at 10:31 am
Sorry for the blunder! The Newbie description explains it all.
Thanks for all your answers.