need to get SA password

No need for SSMS or SQL Browser (unless you are running a SQL Server named instance), you can reset it from the DOS command line using SQLCmd and a single System Stored Procedure, provided you have a login that belongs to the sysadmin role.  If you don't it gets more complicated.

Alright,  I stand corrected.  Good to know that you can create users as long as you have access to the sql box.  Pretty weak security IMO.

Why would you say that?  Why is using SQLCmd make it qualify for "weak security" in comparison to using SSMS (your suggestion)?

I'm not saying sqlCmd is weak security.  The fact that you can create a sys_admin role account without being an authorized user to me is weak security.  I agree that physical access is always a security concern, but I wouldn't imagine for one to have a backdoor like that.   Sure you could always just rip the MDF and LDF files to a new instance, but that would require more resources (of having another SQL server installed somewhere).  

Real world example:  
A server admin being able to login to a sql server to retrieve sensitive company data.  In a larger firm where you have dedicated roles, a nefarious admin could run this while doing other routine maintenance (windows patches for instance).  


I would have the ability to get at the data would be more difficult.  Just my two cents.

The fact that you can create a sys_admin role account without being an authorized user to me is weak security.
I don't think anyone said that.  In fact I specifically stated:  you can reset it from the DOS command line using SQLCmd and a single System Stored Procedure, provided you have a login that belongs to the sysadmin role.

I refer you to:
https://www.experts-exchange.com/questions/28327754/need-to-get-SA-password.html?anchorAnswerId=39747023#a39747023

it's possible to create a sys admin account without logging in as a sys admin yourself.