April 22, 2009 at 12:12 am
Hi Expertz
Today in one of our testing machines someone changed the 'sa' password.
It caused a horror for some of us in the team as we couldn't reset it.
Later we reset it using windows authentication.
Can you please help me to find who could have changed the 'sa' password.
Tanx 😀
April 22, 2009 at 1:07 am
There are chances that someone from the Builtin\Administrator is present in SQL Server,which can login with an ID which is member of Administrators group and reset the SA password....
April 22, 2009 at 1:20 am
YA might be.......
But what i want to Know is there anyway to find who , when and from where the 'sa' password was reset.
Tanx 😀
April 22, 2009 at 1:20 am
I dont know if you can find out who changed the sa pwd. Check out the sql logs to see if there is anything in there.
You can write a DDL trigger for the alter login event to catch any change in a login from now on.
"Keep Trying"
April 22, 2009 at 2:01 am
Who changed it -- we cannot trace unless you were running a trace.iam not sure .
when it was changed--
USE Master
GO
SELECT [name],create_date, modify_date
FROM sys.sql_logins
WHERE [name] = 'sa'
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply