tool to scan for SA accounts in use across servers/database

Hello -

I'd like to know where on my servers and or databases that I can find the SA account in use. Is there a specific open source tool which I can utilize to scan and see where it is being used?
First LastAsked:
Who is Participating?
Your best bet, is to use sql trace using sql server profiler during normal operating to capture a sample of data which you will then filter based on the LoginName. This will identify the database and the application that is the source of the connection.

Depending on your application is it plain text (ASP etc) where the connection string is not encrypted.

The trace will help you narrow down the applications to search through.
once you deal with that, you would need to rerun this process a few times to make sure you did not miss any that might not be normally in use.
Vitor MontalvãoMSSQL Senior EngineerCommented:
SA account exists in all SQL Server instances since it can't be deleted.
What it can be done is to disabled the user.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.