grant sa to all

How Crazy is this?

use [master]
GO
grant CONNECT SQL TO ALL AS [sa]
GO
Steve SamsonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aneesh RetnakaranDatabase AdministratorCommented:
Simple as publishing your passwords to every one
0
Steve SamsonAuthor Commented:
I am new to this company and this is what i found on all our production servers. now ?I understand why the other 3 DBA's resigned and couldn't figure it out. this could only be found in permissions on each database on the server.

Has any one ever saw this before are ther eany worms / trojans or other that would do this for all user accounts?
0
Aneesh RetnakaranDatabase AdministratorCommented:
I saw many application developers used to connect to the database servers using 'sa', Since they are not DBAs they don't really see the cons of this. You should create a window user with least privileges, and also need to DENY the 'sa' permissions to them.Test this on a dev / staging instance first before implementing this on production.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Steve SamsonAuthor Commented:
this is the permission it sets in the server permissions and only viewable when you go in through the database properties.
permissions.gif
0
Aneesh RetnakaranDatabase AdministratorCommented:
Sorry about my previous posts, You are actually NOT granting elevated permissions to that user, instead 'sa' granted 'bcLogin' the permission to connect to the server. if you check the properties for 'bcLogin', you will be able to see its actual permissions on the other databases. Simply by connecting to server wont give any rights to access the databases.
Sorry about the other comment.
Note: Do not reveal your servernames in future.
Just curious is 'bc' stands for British Columbia
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve SamsonAuthor Commented:
Actually it was Blind_coconut, but i wont tell if you don't!  ;)
0
Steve SamsonAuthor Commented:
Awesome, its amazing how many people will just through  something out there just to say they did.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server 2008

From novice to tech pro — start learning today.