sa password been reset and BUILTIN/Administrator has been removed from sysadmin group

A SQL SERVER 7 machine on my network was used and abused by a user, who reset the sa password and removed the NT/Administrator user from the SQL server sysadmins group, rendering it inaccessable to any sysadmins.

How can I get sysadmin privileges back on the sql server?

I have tried,
1) starting it in single user mode and trying to connect to it. (i think there is some scope for more investigation here, but im not sure what to try)
2) trying to connect to it using NT privileges.
3) a brute force sa password hack - but this was only check 5 passwords a second, and would have taken many years to get to 8 chars

I can stop the service and copy the mdf and ldf files to another machine and restore them, but then I'm going to end up with the same problem on another machine.

Is there any way I can extract or reset the sa password to blank using a utility?

Many thanks.

Tom H

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Backup all the DBs before u shutdown SQL Server, re-install SQL Server and reset the password upon installation.

Good luck!
tommyhAuthor Commented:
surely this will reinstall the master database, thus destroying all of my logins.

plus I can't login at the moment, so I can't make any backups.
tommyhAuthor Commented:
surely this will reinstall the master database, thus destroying all of my logins.

plus I can't login at the moment, so I can't make any backups.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

tommyhAuthor Commented:
surely this will reinstall the master database, thus destroying all of my logins.

plus I can't login at the moment, so I can't make any backups.
This has been addressed before.

Basically, it says, stop service, backup it up, back it up again, check backs restore ok on seperate box, rebuild it all, restore relevent DBs, recreate logins.

If you don't want to do the rebuild option, then I would thinkt that the best thing to do is to go and find some dictionary cracker software for ODBC connections. If you have enough time, you might even be able to script some.

The place below has some tools. be warned I HAVE NEVER USED ANY OF THEM. ANY PASSWORD / PENETRATION SOFTWARE SHOULD BE CONSIDERED A POTENTIAL TORJAN (ie could take passwords and email to other people / set up holes in your system). If you do want to use them, I would suggest setting up a complete seperate copy of the server, not connected to any network, run the cracker, get your password (if any of them work), write it down, reformat and completely wipe the test machine.

The description on this one looks interesting:
"Sql Dict - Brute-force SQL Server password utility. Good for auditing SQL Server passwords in your organization. Don't use this power for evil. (2202 hits)"

SQLAT - SQLAT is a suite of tools that could be useful for penetration testing a MS SQL Server. The tools are still in development but tend to be quite stable. (1172 hits)

sqlbf - SQL Server password brute forcing tool by xaphan. Source (1717 hits)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tommyhAuthor Commented:

Unfortunately I don't have an account available with backup privileges, and the scheduled maintentaince has packed up. I was trying to detach and reattach the database files but according to the documentation for both sp_attach_single_file_db and sp_attach_db, they both need to be used on previously detached databases.
In the current situation I definitely can't get sysadmin privileges to execute the sp_detach_db stored procedure.

Any ideas on reattaching undetached databases?
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.