October 10, 2007 at 9:40 am
We have had some contractors Remote Desktop to the SQL box to develop an application for us in house.
They changed the sa password and do not remember what it is; now the application is offline and users are screaming where their application is.
Any suggestions on accessing the sa account and getting the application back online?
October 10, 2007 at 10:06 am
If there is a Windows user that has the SA role, just have them log in and change the SA password to what it is supposed to be. By default, local admins usually have access to do this, unless that account was removed from your SQL install.
October 10, 2007 at 10:59 am
I went into the SQL Server Configuration Manager and changed the permissions on the services that were stopped,
then restarted those services on that instance of SQL and the application works again.
I think I might have to remove desktop permissions for my contractors.
October 10, 2007 at 11:32 am
It is not wise to run applications on the SA password. It not only leads to problems as you mentioned but would also increase the security vulnerability. If you have decided to use the SA password for your application, make sure you encrypt the configuration files where you store the user credentials of your database server.
Prasad Bhogadi
www.inforaise.com
October 10, 2007 at 11:34 am
Remote Desktop: If they are making undocumented changes, yes, their access should be revoked. However, before doing so, you might want to audit that server to see what else changed.
SA Account: If an application is using this account and you have any other choice, change to a lesser privileged account immediately! This is one of the golden rules of SQL Server security: Thou shalt not use the sa account unless absolutely necessary (and even then, check twice).
Services: When you said they changed the permissions on the services, the question to ask them is, "Why?" Maybe they can give you some insight into what they were trying to do.
K. Brian Kelley
@kbriankelley
October 19, 2007 at 11:45 am
We give contractors a Windows account, then give them just as much SQL access as they need. If an app needs a SQL login, then we create a specific one for that. Only a few trusted people should know the sa password (DBA, Network Admin maybe ...).
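
Added example, not part of the original thread or written by any of its posters: a T-SQL sketch of the setup the replies describe (audit sysadmin membership, move the application off sa to its own login, give the contractor a Windows login scoped to one database). The names AppDb, app_svc and CONTOSO\contractor_dev, the password placeholder and the choice of roles are assumptions; run it as a Windows login that holds sysadmin.

```sql
-- All object names below are hypothetical placeholders.

-- 1. Audit: list every principal that currently holds sysadmin.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 2. Reset the sa password to a value only the DBAs hold.
ALTER LOGIN sa WITH PASSWORD = N'<new-sa-secret>';

-- 3. Dedicated SQL login for the application, subject to password policy.
CREATE LOGIN app_svc
    WITH PASSWORD = N'<app-login-secret>',
         DEFAULT_DATABASE = AppDb,
         CHECK_POLICY = ON;

-- 4. Windows login for the contractor; no SQL password to share or lose.
CREATE LOGIN [CONTOSO\contractor_dev] FROM WINDOWS;
GO

USE AppDb;
GO

-- 5. Map both logins into the application database only.
CREATE USER app_svc FOR LOGIN app_svc;
CREATE USER [CONTOSO\contractor_dev] FOR LOGIN [CONTOSO\contractor_dev];

-- 6. Application: read and write data, nothing server-wide.
EXEC sp_addrolemember N'db_datareader', N'app_svc';
EXEC sp_addrolemember N'db_datawriter', N'app_svc';

-- 7. Contractor: schema changes and data access in this database
--    (assumed to be what development needs; narrow further if possible).
EXEC sp_addrolemember N'db_ddladmin',   N'CONTOSO\contractor_dev';
EXEC sp_addrolemember N'db_datareader', N'CONTOSO\contractor_dev';
EXEC sp_addrolemember N'db_datawriter', N'CONTOSO\contractor_dev';
GO

-- 8. Verify: neither new login should be a sysadmin (expect 0 for both).
SELECT IS_SRVROLEMEMBER(N'sysadmin', N'app_svc')                AS app_is_sysadmin,
       IS_SRVROLEMEMBER(N'sysadmin', N'CONTOSO\contractor_dev') AS contractor_is_sysadmin;
```

After the application's connection string points at app_svc, rerunning the query in step 1 shows whether any unexpected sysadmin members remain from the contractors' session.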