Solved

need to get SA password

Posted on 2013-12-30
10
227 Views
Last Modified: 2014-01-16
sql 2005
no studio installed and I can't install it at this time.
I need to either reset the sa password or figure out the current one
either will do
2008 r2
0
Comment
Question by:jamesmetcalf74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 40

Assisted Solution

by:Kyle Abrahams
Kyle Abrahams earned 100 total points
ID: 39746785
without managment studio you're not going  to be able to reset it.  The only thing you could do is to try a brute force or check well known passwords.  Lastly ask another developer / DBA who may know.  

There's no way to discover the password, or SQL would be pretty weak.
0
 
LVL 10

Assisted Solution

by:PadawanDBA
PadawanDBA earned 200 total points
ID: 39747023
Eeeeh...  Not entirely accurate. As with most things with physical access, where there's a will there's a way.  I am having trouble locating the exact guide I used for it (which walks you through it step by step), but you'll need to bring the service down and start it back up in single user mode, connect (probably going to be via sqlcmd in your case) and reset the password accordingly (or create a new login with sysadmin privileges and use that).

http://msdn.microsoft.com/en-us/library/dd207004.aspx
0
 
LVL 12

Accepted Solution

by:
ktaczala earned 100 total points
ID: 39747443
management studio can be installed on any workstation, it doesn't have to be installed on the server.  however the sql browser service must be running on the server for studio to see the instances.  log in to a workstation with the domain administrator login then run studio, open the instance with windows authentication.  then you should be able to change the sa password.
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39747482
No need for SSMS or SQL Browser (unless you are running a SQL Server named instance), you can reset it from the DOS command line using SQLCmd and a single System Stored Procedure, provided you have a login that belongs to the sysadmin role.  If you don't it gets more complicated.
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 39748336
Alright,  I stand corrected.  Good to know that you can create users as long as you have access to the sql box.  Pretty weak security IMO.
0
 
LVL 10

Assisted Solution

by:PadawanDBA
PadawanDBA earned 200 total points
ID: 39748577
Security always starts with physical access.  You can also argue that it's weak security to not encrypt your drives with bitlocker or comparable since you can just mount them in a linux distro and have unfettered access to all the data on the drives, but the question still remains as to why the heck they had access to stick that usb drive into the server =)  Moral of my story is merely that security has to be implemented everywhere or it is nowhere (just to drive home the more holistic view of security you just made)
0
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 100 total points
ID: 39749226
Good to know that you can create users as long as you have access to the sql box.
I am not sure what you mean by "access to the sql box".  You can execute SQLCmd from any workstation, you do not have to be logged on the server that houses SQL Server.

Pretty weak security IMO.
Why would you say that?  Why is using SQLCmd make it qualify for "weak security" in comparison to using SSMS (your suggestion)?
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 39750658
Why would you say that?  Why is using SQLCmd make it qualify for "weak security" in comparison to using SSMS (your suggestion)?
I'm not saying sqlCmd is weak security.  The fact that you can create a sys_admin role account without being an authorized user to me is weak security.  I agree that physical access is always a security concern, but I wouldn't imagine for one to have a backdoor like that.   Sure you could always just rip the MDF and LDF files to a new instance, but that would require more resources (of having another SQL server installed somewhere).  

Real world example:  
A server admin being able to login to a sql server to retrieve sensitive company data.  In a larger firm where you have dedicated roles, a nefarious admin could run this while doing other routine maintenance (windows patches for instance).  


I would have the ability to get at the data would be more difficult.  Just my two cents.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39752921
The fact that you can create a sys_admin role account without being an authorized user to me is weak security.
I don't think anyone said that.  In fact I specifically stated:  you can reset it from the DOS command line using SQLCmd and a single System Stored Procedure, provided you have a login that belongs to the sysadmin role.
0
 
LVL 40

Expert Comment

by:Kyle Abrahams
ID: 39752992
I refer you to:
http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SQL-Server-2005/Q_28327754.html#a39747023

it's possible to create a sys admin account without logging in as a sys admin yourself.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sql query help 2 68
Need help debbuging stored procedure 21 49
Query to return total 6 26
What is wrong with the below insert statement. Getting error when executing. 5 59
There are some very powerful Data Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a discu…
I am showing a way to read/import the excel data in table using SQL server 2005... Suppose there is an Excel file "Book1" at location "C:\temp" with column "First Name" and "Last Name". Now to import this Excel data into the table, we will use…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question