I have inherited an archaic program that runs on sql 2000 which is directly connected to the internet. Basically 1433 needs to be open and the box sits on my dmz, so 1433 is exposed to all. I have closed all other inbound and outbound ports fro this box through my firewall. I would like to disable the sa account totally. Is this possible, and if so, what is the best practice to accomplish this?