ISA logging to MSDE security

I've been scouring the internet for an answer to this question but can't seem to find one, so I hope someone here can help. I have an ISA 2004 installation logging to a MSDE DB. This DB has 3 security accounts associated with it, BuiltIn\Administrators, NT Authoriy\Network Service and SA. I use MOM 2005 on my network and noticed an event stating that one of these accounts has a NULL or weak password. My guess is that it is talking about the SA account.

I do not remember what the password was for the SA account but my guess is that it is NULL by default and that ISA is using it for logging. I may be wrong but it's my best educated guess due to the fact that SQL liked using blank SA passwords by default and I'm usually very good about recording passwords and I can't believe I missed this one.

If I change the SA password to something complex, how do I configure ISA to use it? Does ISA 2004 even use the SA account? Could it be disabled safely?
mascolojAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
By default ISA has its own mechanisms when using msde and built-in controls stop the ISA msde databse being contacted from anywhere except from the isa server itsself. This is referenced in the ISA manual. The fact you are running MOM against the database at all suggests you have amended this setting and turned on the remote monitoring & logging option within the ISA System policy. You are correct; by default, the password is blank.

http://www.microsoft.com/technet/isa/2004/plan/securityhardeningguide.mspx
This is a very good link in respect to hardening the isa2004 server just for your info.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336
This is useful as it explains how to change the msde password

http://forums.isaserver.org/m_190092100/tm.htm
A link to others who have had a similar requirement

Regards
Keith


0
 
mascolojAuthor Commented:
Hey Keith,
Thanks for getting back to me. I will look over the links and let you know what happens. Just to clearify one thing though, I have MOM installed on the same server as ISA. Because of the environment I have and the way it was built - pre me, ISA is being used more as a way of restricting internet use and reporting on it with the benefit of an additional inspection of the traffic flowing through it. It is a redundant firewall at best with a primary firewall at the edge of my network.

Thanks again,
Mas
0
 
Keith AlabasterEnterprise ArchitectCommented:
No probs. Will wait to hear from you :)
0
 
Keith AlabasterEnterprise ArchitectCommented:
Any update?
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thank you :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.