Is there a way to add an administrator level user via a dos command prompt?

i have a client whose system was apperently hacked.  one of the things that was done was that the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work.  is there a way to add or change a administrator password and then delete and readd the sa without having the current sa password.

tia.
CASorterAsked:
Who is Participating?
 
nmcdermaidCommented:
Two options to log in:

Hard option: use ISQL, a command line interface (unless you like that kind of thing)
Easy option: Download Management Studio Express from Microsft, which is free, and use that.


>> once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

You can change the authentication to be windows only, this disables all SQL logins (like sa) but you'll need to change your application to use windows authentication.

Alternatively you can just change the sa password

You need to consider now whether you want to use ONLY windows security. This will stop someone guessing your sa password and messing it up, but this may not suit your application architecture.

One big advantage of windows authentication is that the user doesn't have to remember another password. It just logs in directly.



>> the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work

Are you saying that your ODBC logins used sa to log in? Thats a bit of a no-no.
0
 
jogosCommented:
every action for which a sql-command exists can be done from a command file. But no surprise propper credentials are needed. Without propper credentials it's called hacking and not many people want techniques to do that spread on a forum.

But the database is hacked.  Even when you can recover your sa-user will you ever be sure there are no other 'hidden' modifications that could be awkward: account numbers, prices, addresses,....
Backups can serve for that purpose.
0
 
nmcdermaidCommented:
By default, if you log on to the server as a local or domain administrator, you can then log into the SQL Server in 'trusted' mode, and it will let you in.
0
 
CASorterAuthor Commented:
i dont have a sql enterprise interface...   just msde

so how do i connect and know i connect via a command prompt?

once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

would a restore of a backup clear out users?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.