Hi All,
I am running SQL Server 2000 with SP3a on Windows Server 2003. I am running 6
databases on this server & the authentication type is mixed. I would like to
know what are the implications if I change the sa password. Also would like
to know what all the precautions to be taken to do so.
With Regards,
Ovin
Have a look at sp_password?
"Ovin Crasta" <OvinCrasta@.discussions.microsoft.com> wrote in message
news:C5EBB60D-6421-4C34-943C-46C767389402@.microsoft.com...
> Hi All,
> I am running SQL server 2000 with sp3a on Windows Server 2003,I am running 6
> data bases on this server & the authentication type is mixed. I would like to
> know what are the implications if I change the sa password. Also would like
> to know what all the precautions to be taken to do so.
> With Regards,
>
Hi,
There are no implications in changing the SA password. The only thing is to
check in your application for any hard-coded password for sa.
If it is not there then you could change the password for SA.
Note: It is not recommended to use the SA password from the application. If used,
create a new login with DB_owner priv. and access the application.
Thanks
Hari
SQL Server MVP
"Ovin Crasta" <OvinCrasta@.discussions.microsoft.com> wrote in message
news:C5EBB60D-6421-4C34-943C-46C767389402@.microsoft.com...
> Hi All,
> I am running SQL server 2000 with sp3a on Windows Server 2003,I am running 6
> data bases on this server & the authentication type is mixed. I would like to
> know what are the implications if I change the sa password. Also would like
> to know what all the precautions to be taken to do so.
> With Regards,
>
In SQL Server 6.5 and earlier, many tasks could only be done as the actual sa
and Windows Network Authenticated system administrators were actually mapped,
aliased, as the sa.
However, since SQL Server 7.0, the creation of the system roles removed this
restriction. Any login, SQL Server Authenticated or Windows Authenticated, who
is also a member of the system_administrators system role will have the EXACT
same permissions as the sa account itself. The security issue here is that
EVERYONE knows that the sa account exists; thus, this is a huge security hole.
It is not only a good idea to reset this password but to do it often and
make it as complex as possible.
As far as the impact to the system is concerned, it should not as long as no
applications are using them. If you are the application developer, you
should know whether or not you are using this account and switch the
application's login to something else if it is. If you are but a lowly DBA,
you may not know, not have access, or be supporting ill-coded vendor
applications. Regardless, you can use the SQL Server Profiler and audit for
the sa account login. You will have to filter out legitimate system
operations that typically will use the sa account also. How long you run
this audit depends on the nature of the applications support but one work day
to a business week should be enough to identify those systems that may be
using this account.
If all else fails, you can extract out the encrypted password if you do not
already know it, and be prepared to reset the account's password to its
original if issues arise.
Sincerely,
Anthony Thomas
"Ovin Crasta" wrote:
> Hi All,
> I am running SQL server 2000 with sp3a on Windows Server 2003,I am running 6
> data bases on this server & the authentication type is mixed. I would like to
> know what are the implications if I change the sa password. Also would like
> to know what all the precautions to be taken to do so.
> With Regards,
>
You could run a Profiler trace to catch who logs in using the "sa" login and based on that determine
what you need to do. No-one should need to login as sa, but some (badly written) apps do, though...
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Ovin Crasta" <OvinCrasta@.discussions.microsoft.com> wrote in message
news:C5EBB60D-6421-4C34-943C-46C767389402@.microsoft.com...
> Hi All,
> I am running SQL server 2000 with sp3a on Windows Server 2003,I am running 6
> data bases on this server & the authentication type is mixed. I would like to
> know what are the implications if I change the sa password. Also would like
> to know what all the precautions to be taken to do so.
> With Regards,
>
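
The sa login audit that Anthony Thomas and Tibor Karaszi both describe can be summarised from a saved Profiler trace, as in this added example (not part of any post in the thread). The trace file path and the new password are placeholders, and the trace is assumed to include the Audit Login and Audit Login Failed events.

```sql
-- Added example for SQL Server 2000; not taken from any post in this thread.
-- Assumptions: the Profiler trace was saved to the placeholder path below and
-- captured Audit Login (14) and Audit Login Failed (20) with the LoginName,
-- HostName, ApplicationName and StartTime columns.

-- 1. Before the change: which hosts and programs log in as sa?
--    After the change: rerun on a fresh trace; 'failed' rows are clients
--    still presenting the old password.
SELECT  CASE EventClass WHEN 14 THEN 'login' ELSE 'failed' END AS outcome,
        HostName,
        ApplicationName,
        COUNT(*)       AS attempts,
        MIN(StartTime) AS first_seen,
        MAX(StartTime) AS last_seen
FROM    ::fn_trace_gettable('C:\placeholder\sa_audit.trc', DEFAULT)
WHERE   EventClass IN (14, 20)
  AND   LoginName = 'sa'
GROUP BY EventClass, HostName, ApplicationName
ORDER BY attempts DESC

-- 2. Point-in-time check: user sessions connected as sa right now.
SELECT  spid,
        RTRIM(hostname)     AS hostname,
        RTRIM(program_name) AS program_name,
        login_time,
        last_batch
FROM    master.dbo.sysprocesses
WHERE   loginame = 'sa'
  AND   spid > 50              -- spids 1-50 are system sessions

-- 3. Change the password once the lists above hold only expected entries.
--    A sysadmin may pass NULL as the old password; the new value here is a
--    placeholder to be replaced.
EXEC sp_password @old = NULL, @new = '<new-strong-password>', @loginame = 'sa'
```

Rows grouped under an unfamiliar HostName or ApplicationName are the clients to move to their own login before the change.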