September 16, 2008 at 10:58 am
Hello All,
Is there such a thing as number of SA login tries in SQL Server. If someone is trying to log on as SA and after 6th time the account is locked up. Is there such a thing? There is login time out but # of tries I am not aware of.
Thank you.
September 16, 2008 at 11:17 am
lock out sa = lock yourself out of the server (unless you have other admin access rights).
Why do you want to do this?
Can C2 audit (failures) get you on your way there? I'm sure you can scan the logs periodically and see if a hacker has tried to get in.
September 16, 2008 at 11:21 am
A security company is trying to use sa account to hack on to our sql server and they say after 6 tries it locks out the account. My question is, is there such a property in SQL Server that after 6 tries it locks out SA account?
THanks.
September 16, 2008 at 11:51 am
Check to see if there's a server trigger that disables that login.
You can also lookup alter login. Maybe that'll spark you on the right direction.
From my quick research, it does not appear to be a built-in feature, but I could be wrong there.
September 16, 2008 at 12:09 pm
Hello Ninja,
Thank you for your response. I will take it as there is no such thing as locking the SA account after # of logins in SQL Server.
Thanks again.
September 16, 2008 at 1:07 pm
There is a password policy in SQL Server 2005, and if the host OS supports it, SQL Server can respect that. I thought the SA account was immune, but I could be wrong.
No mention of it here: http://msdn.microsoft.com/en-us/library/ms161959.aspx
September 16, 2008 at 2:17 pm
Steve Jones - Editor (9/16/2008)
There is a password policy in SQL Server 2005, and if the host OS supports it, SQL Server can respect that. I thought the SA account was immune, but I could be wrong.No mention of it here: http://msdn.microsoft.com/en-us/library/ms161959.aspx
- Nope, sa will also get locked if the password policy is enabled.
However, you can disable password policy.
(I suffered it today :ermm: )
- You can unlock it by providing a password and specifying the extra unlock keyword
alter login sa with password='yournewpassword' unlock;
- You may want to have your servers login auditing level set to at least "failed login only", so you get notifications of failures in your sqlserver errorlog. (with ip-address !)
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
September 16, 2008 at 3:14 pm
Good to know!
September 16, 2008 at 3:18 pm
Thank you all for your time. If the login has the "Enforced password policy" checked then if the windows server has a value under LocalSecurityPolicy\SecuritySettings\AccountPolicies\AccountLockoutPolicy\AccountLockoutThreshold
then the login will take on that value into account. This is my latest understanding.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply