Link to home
Start Free TrialLog in
Avatar of AbeSpain
AbeSpainFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Windows Event Viewer has a lot of 'failure audit' events for failed logins

I am receiving a lot of audits for people trying to access the SA account on SQL 2005. It looks to me to be from one IP address. I don't tend to use the SA account, so is this something I can rename or something similar? Would this stop the SA failed audits? I know it's probably a good idea to disable or rename the SA account so any help would be appreciated.
Avatar of Pavel Celba
Pavel Celba
Flag of Czechia image
The sa account renaming is a good idea and it increases security but it cannot stop attackers from their attemptes...
ASKER CERTIFIED SOLUTION
Avatar of Aneesh
Aneesh
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of AbeSpain
AbeSpain
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

"you can use the Windows authentication, that would be a great idea, but make sure that you chnage the connection string "

Rather than auth using the users set up in the database?
Avatar of Aneesh
Aneesh
Flag of Canada image
Yup. Windows authentication provides additional security, thats why i suggested you to use that.
Avatar of Pavel Celba
Pavel Celba
Flag of Czechia image
The Windows authentication allows each Windows admin full SQL administrator access. I don't think this is correct in all situations.