Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Forgotton SQL Server 2008 SA Password

Posted on 2016-09-12
13
Medium Priority
?
58 Views
Last Modified: 2016-09-12
Hello,

I have an instance of SAGE DB installed but I do not no the password to the SA account. My own account has access to the DB via SQL Express Management Studio so I have admin rights to reset the password for SA but I want to know if this is a safe thing to do or if it will cause problems? I am not a SQL expert so don't want to cause unnecessary problems.

Thanks,
0
Comment
Question by:gbarnes0990
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 41793995
Hi ,

You can reset the password by logging  from windows authentication instead of 'sa"  and there is no issues in that.
0
 

Author Comment

by:gbarnes0990
ID: 41793997
Thanks Chanderpal. I have a Windows Authentication account I can login with. Just to be clear I can use this to reset the SA password? Theres no chance the SA account has dependancies in SQL that would cause problems once I reset the password?
0
 
LVL 5

Accepted Solution

by:
chanderpal singh rathore earned 2000 total points
ID: 41794000
No there is no problem in doing that as I have done it many times, when I forgot the password.

This is the same process if you want to change the password so there is no issue by using windows authentication for resetting "sa" password.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41794008
I want to know if this is a safe thing to do or if it will cause problems?
It depends. Do you have any process that's using SA account to run task over the SQL Server instance or databases? If affirmative then those processes will return error so remember to reapply the new credentials of SA on those processes.
If you're sure that SA is not using anywhere then it's very safe to change the password.
0
 

Author Closing Comment

by:gbarnes0990
ID: 41794018
Changed password and all seems ok. Change was made before last expert comment came in.
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41794020
Now wait for the side effects. If any then reentry the new password for the SA credentials where it's failing.
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 41794143
The sa account is the default login and user that is setup at the moment of teh SQL sever installation. The account does not have to be use and the best practices tell you shouldn't use it. Because is the default account all the hackers will try to use it first in order to break into a SQL server. For this reason when you setup the password it should be a very complicated one and you should write in down in a safe place. This account also can be used as a safe backdoor sometimes if after you setup a SQL server you don't have any other sysadmin login to use. In any case the idea is that yous should not use this account in applications but only for admin purposes or is in SQL jobs that are meant for administrative tasks and should be free of any personalized login/user dependences. In this case, if you have jobs that run under the sa account they will fail if you change the password and you will have to update it. If it is used in any application, even internal one, you should change that login with another one that you can create or choose from existing with the sufficient permissions it needs.

Some go the distance to rename the sa login or even disable it. Here is a good article that explains how can you secure the sa login:

https://www.mssqltips.com/sqlservertip/3695/best-practices-to-secure-the-sql-server-sa-account/
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41794156
In that article is missing the most obvious one:
- Configure SQL Server instance to use only Windows Authentication. This way SA user will be never able to login even if everybody knows the password.
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 41794170
That is not recommendable because in that case you cannot use SQL users on the server.
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41794182
Correct. That's why is recommendable. Let the AD do all the security work.
We have it here in more than 4000 SQL Server instances. No SQL logins are allowed in this company for many years already. Microsoft also doesn't recommend it. Just check their Authentication mode article:
"Windows Authentication is the default authentication mode, and is much more secure than SQL Server Authentication.
(...)
Important:
When possible, use Windows Authentication"
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 41794198
The last point is the most important:
Important:
When possible, use Windows Authentication"


There is nothing wrong with SQL authentication if the setup is correct and many prefer it. In the case of your company it is just a policy.
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41794208
Nothing wrong but when you work in a bank where security is more important than everything (even performance) this is one of the first things to set. We even have a night job that runs over all SQL Server instances to check if nobody changed the authentication mode. If it finds a change then an incident is immediately raised and emails sent to top managers informing about the security hole.
0
 
LVL 27

Expert Comment

by:Zberteoc
ID: 41794224
Especially in a Swiss bank... :o)
1

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
In this article we will learn how to fix  “Cannot install SQL Server 2014 Service Pack 2: Unable to install windows installer msi file” error ?
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question