Solved

Need help gaining SA access to Backup Exec 2005 SQL Database?

Posted on 2013-01-24
1
724 Views
Last Modified: 2013-02-03
A vulnerabilty scanner reported ; Attackers could potentially gain arbitrary access to the file or registry system on the SQL Server host.  This vulnerability could possibly lead to further compromise of the SQL Server's integity.

One of the the sugesstion was to usw SQL Server Management Studio Express remove the BUILTIN\Administrator for the SQL 2005 Database login while keeping the SA account. After I deleted the BUILTIN\Administrator group access. My SA account login will login before but now I get an error " Login failed for user 'sa' The user is not associated with a trusted SQL server connection Error 18452.

When I tried to change the SQL server properties  for security from just Windows Authenication  to SQL and Windows Authenication I get an error; The  Execute permissions is denied for object 'xp_instance_regwrite' database mssqlsystemresource, schema 'sys' Microsoft Error :229

 Can someone help me switch modes to gain SA access ?
0
Comment
Question by:355LT1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 28

Accepted Solution

by:
Ryan McCauley earned 500 total points
ID: 38819543
You're getting that error because the user you're logged in as doesn't have SA, which you need to in order to change that configuration setting. Luckily, you can change this with a registry setting and an instance restart:

http://www.mssqltips.com/sqlservertip/1441/correct-the-sql-server-authentication-mode-in-the-windows-registry/

Essentially, stop the instance, navigate to the appropriate key in your registry (Usually "HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\LoginMode" for your default instance or "HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\MSSQL.n\MSSQLServer\LoginMode" for a named instance), and change the "LoginMode" value to 2 (it's set to 1 now - that signifies Integrated Authentication Only).

Start up the SQL instance again and your SA account should now be able to connect without that error message.

Note: I definitely advocate removing the "BUILTIN\Administrators" group's default SA permissions (and likely that group's permissions altogether), especially when you're in an environment when the servers are managed by a different group of people than the DBA group. However, always make sure you've explicitly added yourself as a sysadmin before you revoke the default rights :)
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question