Solved

Is there a way to add an administrator level user via a dos command prompt?

Posted on 2007-12-03
4
795 Views
Last Modified: 2012-06-27
i have a client whose system was apperently hacked.  one of the things that was done was that the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work.  is there a way to add or change a administrator password and then delete and readd the sa without having the current sa password.

tia.
0
Comment
Question by:CASorter
  • 2
4 Comments
 
LVL 25

Expert Comment

by:jogos
ID: 20400086
every action for which a sql-command exists can be done from a command file. But no surprise propper credentials are needed. Without propper credentials it's called hacking and not many people want techniques to do that spread on a forum.

But the database is hacked.  Even when you can recover your sa-user will you ever be sure there are no other 'hidden' modifications that could be awkward: account numbers, prices, addresses,....
Backups can serve for that purpose.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 20400305
By default, if you log on to the server as a local or domain administrator, you can then log into the SQL Server in 'trusted' mode, and it will let you in.
0
 

Author Comment

by:CASorter
ID: 20415668
i dont have a sql enterprise interface...   just msde

so how do i connect and know i connect via a command prompt?

once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

would a restore of a backup clear out users?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 20415850
Two options to log in:

Hard option: use ISQL, a command line interface (unless you like that kind of thing)
Easy option: Download Management Studio Express from Microsft, which is free, and use that.


>> once i "get in"   can i create a new admin level user, delete the original sa and either create a new sa with a new password or just use the new admin user?

You can change the authentication to be windows only, this disables all SQL logins (like sa) but you'll need to change your application to use windows authentication.

Alternatively you can just change the sa password

You need to consider now whether you want to use ONLY windows security. This will stop someone guessing your sa password and messing it up, but this may not suit your application architecture.

One big advantage of windows authentication is that the user doesn't have to remember another password. It just logs in directly.



>> the sa user in msde had their password changed. now our odbc connections that relied on sql authentication will not work

Are you saying that your ODBC logins used sa to log in? Thats a bit of a no-no.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
multiple application databases same MSSQL instance 5 53
Simple SQL query from two tables 13 52
VBScript Write Column Headers 3 35
T-SQL:  Collapsing 9 22
Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
Introduction In my previous article (http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SSIS/A_9150-Loading-XML-Using-SSIS.html) I showed you how the XML Source component can be used to load XML files into a SQL Server database, us…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question