AbeSpain
asked on
Windows Event Viewer has a lot of 'failure audit' events for failed logins
I am receiving a lot of audits for people trying to access the SA account on SQL 2005. It looks to me to be from one IP address. I don't tend to use the SA account, so is this something I can rename or something similar? Would this stop the SA failed audits? I know it's probably a good idea to disable or rename the SA account so any help would be appreciated.
The sa account renaming is a good idea and it increases security but it cannot stop attackers from their attemptes...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
"you can use the Windows authentication, that would be a great idea, but make sure that you chnage the connection string "
Rather than auth using the users set up in the database?
Rather than auth using the users set up in the database?
Yup. Windows authentication provides additional security, thats why i suggested you to use that.
The Windows authentication allows each Windows admin full SQL administrator access. I don't think this is correct in all situations.