Disabling SQL 2000 SA account

I have inherited an archaic program that runs on sql 2000 which is directly connected to the internet.  Basically 1433 needs to be open and the box sits on my dmz, so 1433 is exposed to all.  I have closed all other inbound and outbound ports fro this box through my firewall.  I would like to disable the sa account totally.  Is this possible, and if so, what is the best practice to accomplish this?

Who is Participating?
Have you thought about making the security to Windows Authentication only?  (Not Mixed-Mode)

To remove the sa account you would have to change the database owner for all of the databases where sa was the owner.  Remove SA from the System Administrators role and it might be a good idea to remove Builtin\Administrators from the System Administrator role as well.

Of course, before you do all this you want to ensure that you have an account that has SysAdmin privileges and that you can login under that account.

You also may need to modify any jobs that may use SA as the "Run Under" account and also that have SA set as the owner.
rptsysadminAuthor Commented:
Yes,  i have thought about changing to windows authentication.  Would that be done ONLY through the registry under loginmode key?  or is there another way to do that?

i would rather use windows authentication only and not have to worry about removing the sa.
You go into Properties for the SQL Server (in Enterprise Manager) and change the login mode in the Security tab.
I provided a solution, and went further by recommending Windows Authentication
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.