Post reply

To find the user who shut down the SQL Server

  • April 14, 2010 at 12:22 am

    #233879

    Hi All,

    I am having a very urgent issue. Someone have shut down the SQL Server database and I need to find out who have done it.

    1. Checked windows logs.

    2. Checked user logs.

    I am getting the message SQL Server service is stopped and user is N/A.

    I couldn't find who done it. From the logged in status from windows log, I can identify the person but I can't pinpoint that, he have done it. Do we have any possibilities to identify who shut down the SQL server.

    Cheers,

    Venkatesan Prabu .J

    Thanks and Regards,
    Venkatesan Prabu, 😛
    My Blog:

    http://venkattechnicalblog.blogspot.com/

  • April 14, 2010 at 11:34 am

    #1151589

    First - remember that members of sysadmin and serveradmin fixed servers have shutdown privileges then check who are the members.

    Second - check if anybody has the specific privilege granted, you can use query below...

    SELECT

    [srvprin].[name] [server_principal],

    [srvprin].[type_desc] [principal_type],

    [srvperm].[permission_name],

    [srvperm].[state_desc]

    FROM [sys].[server_permissions] srvperm

    INNER JOIN [sys].[server_principals] srvprin

    ON [srvperm].[grantee_principal_id] = [srvprin].[principal_id]

    WHERE [srvprin].[type] IN ('S', 'U', 'G')

    AND [srvperm].[permission_name] = 'SHUTDOWN'

    ORDER BY [server_principal], [permission_name];

    Third - once you get your list of suspects check who had access to the system at the time system went down; now you have your target suspects.

    At this point in time round up the suspects to a dark dungeon and apply third degree interrogation techniques as needed 😀

    _____________________________________
    Pablo (Paul) Berzukov

    Author of Understanding Database Administration available at Amazon and other bookstores.

    Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply

Cookies on SQLServerCentral

This website stores cookies on your computer.

These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.

To find out more about the cookies we use, see our Privacy Policy