Post reply

Disable sa account in 2000

  • April 2, 2004 at 2:50 pm

    #65174

    Hello,

    What is the best way to disable the sa account in 2000?  Here is what I'm planning on doing:

    1. Change the password from blank to something very strong.

    2. Clear Server Roles.

    3. Clear all Database Access.

    Will this do it, or is there a better way?

    Thanks,

    Steve DiDomenico

    Nashua, NH

     

     

     

     

     

     

  • April 2, 2004 at 3:08 pm

    #501676

    Not sure you can clear the roles, but I'd change to a strong one time password and then rotate that every 30 days.

    Alternatively, if you can, disable SQL Auth.

  • April 5, 2004 at 2:49 pm

    #501807

    Thanks Steve. Just so I understand, can you tell me what you mean by "Disable SQL Auth."  Does it have to do with the Authentication Mode?

  • April 6, 2004 at 1:35 pm

    #501925

    You cannot change the role of the sa user.

    Disable SQL Auth. is for the authentication mode. If you use only Windows Authentication you cannot login with the sa.

  • April 6, 2004 at 3:27 pm

    #501932

    If you use windows authentication, you still should set a strong sa password.

    Steven

  • April 6, 2004 at 4:19 pm

    #501936

    Correct, set a strong pwd since you never know when it will get switched.

  • April 7, 2004 at 11:57 am

    #502040

    Thank you to all who replied.  For now, we cannot disable SQL Auth. as we have some System DSN's using mixed mode.  Some are used by Crystal Reports that need to get default database information and can only seem to get it when using a SQL Server Login in the System DSN.  And some are VBScript cscripts that need to connect to the database.  Until I can figure out a way to use NT Auth. for Crystal and cscripts,  we will need to remain Mixed Mode. 

  • April 7, 2004 at 12:08 pm

    #502043

    I hope your crystal report is not using sa for the login...  regardless of how strong your password is, if you let this password be kept on a file somewhere, it is still a dangerous bet to have.  I think stuff like report that use sql authentication should have limited rights for a specific function.  Maybe it's time to tighten the belt on what that report account could do.

     

    mom

  • April 7, 2004 at 1:20 pm

    #502050

    Hey mom,

    My last posting was only to reply to the suggestion of "disable SQL Auth."  sa is not used anywhere.  Thanks for your concern.

    Steve DiDomenico

    Nashua, NH

  • April 15, 2004 at 8:04 pm

    #503054

    Have you specifically set the default database in the System DSN?

    For the VBScripts, you should be able to modify a connection string.

    --------------------
    Colt 45 - the original point and click interface

  • April 16, 2004 at 7:06 am

    #503122

    Thanks Phil, we have this all sorted out.

  • September 4, 2007 at 10:05 pm

    #731383

    From what you said, there is no way to disable "sa" account in sql 2000, isn't it?

Viewing 12 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic. Login to reply