Solved

SQL Security Breach

Posted on 2003-12-10
23
345 Views
Last Modified: 2006-11-17
we have 4 sql servers running in mixed authentication mode

it appears someone that no longer works with us has changed the SA password

I still have access to the master database using the domain admin account with windows authentication

We need to regain control of the sa account.

cannot use sa_passwrd procedure as we dont know the current sa password

and sa_changedbowner procedure says we can not chage the owner of the master database.

does anyone have any method of getting the SA password or changing it when it is not known.


SQL 2000
Windows 2000 Server
NT4 Domain Controllers.
0
Comment
Question by:Raybans
  • 10
  • 7
  • 3
23 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9910755
can you get into sql server enterprise manager, with integrated windows authentication? if you do, just go there to change the security mode to system, change the password by right clicking the server icon then choose the corresponding task.

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9910913
just run my sql2k and got into the enterprise manager, let me give you much specific instructions: choose MS SQL Servers/SQL Server Group/computername/Security/Login from the left pane, right click the user "sa" at the right pane, choose Properties, change the password there, retype it again. thanks ok.
0
 
LVL 2

Author Comment

by:Raybans
ID: 9910947
where do you change the security mode to system??

(sorry for being a little slow, SQL is not usually my area, but trust from the boss is)
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9910964
ok, right click MS SQL Servers/SQL Server Group/computername, choose Properties, then choose Security tab, it is there. btw, have you changed sa's password? if so, just keep current security mode if you like.
0
 
LVL 2

Author Comment

by:Raybans
ID: 9911092
I can not change the SA password which is what I am trying to do.

when you describe security mode as system

are you talking about windows only, as I can not see any reference to system
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9911106
1. odd, i just changed my sa before my 2nd post, to make sure what i posted is correct. just tell me what the enterprise manager (with MMC) said for it.
2. sorry for confusion. yes, it should be "widnows only".
0
 
LVL 2

Author Comment

by:Raybans
ID: 9911252
still wouldnt let us do that

although what you said worked on the test box the production box would not let us.

but the anwer was since we had access using the domain account from windows to run the sp_password and reset the SA account that way

thanks for your help anyway.
0
 
LVL 2

Author Comment

by:Raybans
ID: 9911274
(( I want to award you 150 points still for helping so quick even though the answer was one we had already tried and was not the solution, how do I do that??? ))
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9911278
nice to hear it. just recommend you save SA's password safely and create a backup DB administrator with same rights as SA.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9911319
you mean you want to award me 500 points with additional 150 bonus to me? :-)) if so, thanks in advance. you may just new a 150 points question and fill the subject as "dedicated for bbao", i think.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 2

Author Comment

by:Raybans
ID: 9911465
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 9911548
Just for reference in the worst case senario if the sa pwd is not known and domain admins have been demoted, etc.   with the SQL install disk you can rebuild the master db which will allow you to reset the sa pwd.
0
 
LVL 2

Author Comment

by:Raybans
ID: 9911770
thanks ShogunWade, good to know
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9912008
ShogunWade, "SQL install disk"? you mean its CD-ROM? to build master db, i have to insert its original CD? didnt hear that before....
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 9912501
welcome.
0
 
LVL 18

Expert Comment

by:ShogunWade
ID: 9912532
bbao,   there are other ways of doing it of course, but it makes it easier from the CD cos it gives you a nice wizard.   its the Mr Lazy way of doing it which is why i like it.
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 150 total points
ID: 9912542
o? just noticed what Raybans meant for those "bonus", hehe. if so, i reject to accept such a way to be awarded points except it was real bonus. there is no such an EE policy that allows asker to decrease points after the quesion solved. anyway, the asker can decide the grade according to his/her satisfaction.

i would assume that Raybans might use such a way to save some points, but i dont think it is a right way to reduce asker's cost. i think you pay such a high points for this problem is for its emergency, and this question has been reponsed quick and solved quickly. so i dont think Raybans' point could be refund.

regards,
bbao
0
 
LVL 2

Author Comment

by:Raybans
ID: 9916518
I have unlimited points, that was not the issue

your answer did not actually solve the problem and the problem was solved in house.
So points accourding to the rules should be "refunded"

but I did think your assistance deserved recognition, even if the answer was going in a different direction to the solution.

I have no need to save points, as I have paid in full for my account here, which gives me unlimited points to give out for questions.

Sorry if my method or reasoning is incorrect, I would be happy to get a commment on the way I have tried to handle the award of points in this case.

0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9936488
ShogunWade, thansk for your idea, i will try it next time.

Raybans, i just did read your comments in two questions, and have understood what and why you did, it was reasonable from your viewpoint, although i did not think some steps were proper enough. you know, it is valuable to make question as PAQ for other people who has similar problem. thanks for your points and grade.

Netminder, thanks for your help and effort. i think it would be better if EE could give formal policy or suggestion to deal with such situation. you know, personally, i dont think it is very good to reduce points after experts involved or conclusion made.

enjoy EE,
bbao
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 9936595
Netminder, nice to see your reply so quickly. ok, agreed with you, that's EE's unique style even culture. we guys enjoy EE and the way to solve problems...
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Performance is the key factor for any successful data integration project, knowing the type of transformation that you’re using is the first step on optimizing the SSIS flow performance, by utilizing the correct transformation or the design alternat…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now