Solved

Is there a way to add an administrator level user via a dos command prompt?

Posted on 2007-12-03
4
820 Views
Last Modified: 2012-06-27
i have a client whose system was apperently hacked.  one of the things that was done was that the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work.  is there a way to add or change a administrator password and then delete and readd the sa without having the current sa password.

tia.
0
Comment
Question by:CASorter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Expert Comment

by:jogos
ID: 20400086
every action for which a sql-command exists can be done from a command file. But no surprise propper credentials are needed. Without propper credentials it's called hacking and not many people want techniques to do that spread on a forum.

But the database is hacked.  Even when you can recover your sa-user will you ever be sure there are no other 'hidden' modifications that could be awkward: account numbers, prices, addresses,....
Backups can serve for that purpose.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 20400305
By default, if you log on to the server as a local or domain administrator, you can then log into the SQL Server in 'trusted' mode, and it will let you in.
0
 

Author Comment

by:CASorter
ID: 20415668
i dont have a sql enterprise interface...   just msde

so how do i connect and know i connect via a command prompt?

once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

would a restore of a backup clear out users?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 20415850
Two options to log in:

Hard option: use ISQL, a command line interface (unless you like that kind of thing)
Easy option: Download Management Studio Express from Microsft, which is free, and use that.


>> once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

You can change the authentication to be windows only, this disables all SQL logins (like sa) but you'll need to change your application to use windows authentication.

Alternatively you can just change the sa password

You need to consider now whether you want to use ONLY windows security. This will stop someone guessing your sa password and messing it up, but this may not suit your application architecture.

One big advantage of windows authentication is that the user doesn't have to remember another password. It just logs in directly.



>> the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work

Are you saying that your ODBC logins used sa to log in? Thats a bit of a no-no.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question