Forgotten SQL Server 2008 SA Password

Hello,

I have an instance of SAGE DB installed but I do not know the password to the SA account. My own account has access to the DB via SQL Express Management Studio, so I have admin rights to reset the password for SA, but I want to know if this is a safe thing to do or if it will cause problems? I am not a SQL expert so don't want to cause unnecessary problems.

Thanks,
0
gbarnes0990
 
chanderpal singh rathore (Microsoft Exchange Engineer) commented:
Hi,

You can reset the password by logging in with Windows authentication instead of 'sa', and there are no issues with that.
0
 
gbarnes0990 (Author) commented:
Thanks Chanderpal. I have a Windows Authentication account I can log in with. Just to be clear, I can use this to reset the SA password? There's no chance the SA account has dependencies in SQL that would cause problems once I reset the password?
0
 
chanderpal singh rathore (Microsoft Exchange Engineer) commented:
No, there is no problem in doing that, as I have done it many times when I forgot the password.

This is the same process as if you want to change the password, so there is no issue with using Windows authentication for resetting the "sa" password.
0
 
Vitor Montalvão (MSSQL Senior Engineer) commented:
"I want to know if this is a safe thing to do or if it will cause problems?"
It depends. Do you have any process that's using the SA account to run tasks against the SQL Server instance or databases? If so, those processes will return errors, so remember to reapply the new SA credentials to those processes.
If you're sure that SA is not being used anywhere then it's very safe to change the password.
0
 
gbarnes0990 (Author) commented:
Changed password and all seems ok. Change was made before last expert comment came in.
0
 
Vitor Montalvão (MSSQL Senior Engineer) commented:
Now wait for the side effects. If there are any, re-enter the new password for the SA credentials wherever it's failing.
0
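The reset discussed in the comments above, with a check before and after for clients that authenticate as sa, as an added T-SQL example that is not from any of the thread's participants. It assumes a sysadmin connection made with Windows Authentication and that failed-login auditing is enabled on the instance; the password shown is a placeholder.

```sql
-- Added example (not from the thread). Run as a sysadmin connected
-- with Windows Authentication.

-- 1. Before the change: which hosts and programs are connected as sa now?
--    SUSER_SNAME(0x01) resolves the sa login even if it has been renamed.
SELECT s.host_name,
       s.program_name,
       COUNT(*)          AS session_count,
       MAX(s.login_time) AS most_recent_login
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1
  AND s.login_name = SUSER_SNAME(0x01)
GROUP BY s.host_name, s.program_name
ORDER BY session_count DESC;

-- 2. Reset the password. Replace the placeholder with a long random value
--    and store it in a password vault.
ALTER LOGIN [sa] WITH PASSWORD = N'<new-strong-password>';

-- 3. After the change: look for clients still presenting the old password.
--    Arguments: 0 = current log, 1 = SQL Server error log, then two
--    search strings that must both appear in the message.
--    Assumption: failed-login auditing is enabled on the instance.
EXEC sp_readerrorlog 0, 1, 'Login failed', '''sa''';
```

Any host or program listed by step 1 is a candidate for the failures step 3 reports, and each log entry carries the client address of the caller that still needs the new credential.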
 
Zberteoc commented:
The sa account is the default login and user that is set up at the moment of the SQL Server installation. The account does not have to be used, and best practices say you shouldn't use it. Because it is the default account, all the hackers will try to use it first in order to break into a SQL Server. For this reason, when you set up the password it should be a very complicated one and you should write it down in a safe place. This account can also sometimes be used as a safe backdoor if, after you set up a SQL Server, you don't have any other sysadmin login to use. In any case, the idea is that you should not use this account in applications but only for admin purposes or in SQL jobs that are meant for administrative tasks and should be free of any personalized login/user dependencies. In this case, if you have jobs that run under the sa account they will fail if you change the password and you will have to update it. If it is used in any application, even an internal one, you should replace that login with another one that you can create or choose from existing ones with the sufficient permissions it needs.

Some go the distance to rename the sa login or even disable it. Here is a good article that explains how you can secure the sa login:

https://www.mssqltips.com/sqlservertip/3695/best-practices-to-secure-the-sql-server-sa-account/
0
 
Vitor Montalvão (MSSQL Senior Engineer) commented:
That article is missing the most obvious one:
- Configure the SQL Server instance to use only Windows Authentication. This way the SA user will never be able to log in even if everybody knows the password.
0
 
Zberteoc commented:
That is not recommendable because in that case you cannot use SQL users on the server.
0
 
Vitor Montalvão (MSSQL Senior Engineer) commented:
Correct. That's why it is recommendable. Let the AD do all the security work.
We have it here in more than 4000 SQL Server instances. No SQL logins are allowed in this company for many years already. Microsoft also doesn't recommend it. Just check their Authentication mode article:
"Windows Authentication is the default authentication mode, and is much more secure than SQL Server Authentication.
(...)
Important:
When possible, use Windows Authentication"
0
 
Zberteoc commented:
The last point is the most important:
"Important:
When possible, use Windows Authentication"

There is nothing wrong with SQL authentication if the setup is correct and many prefer it. In the case of your company it is just a policy.
0
 
Vitor Montalvão (MSSQL Senior Engineer) commented:
Nothing wrong, but when you work in a bank where security is more important than everything (even performance), this is one of the first things to set. We even have a nightly job that runs over all SQL Server instances to check whether anybody changed the authentication mode. If it finds a change then an incident is immediately raised and emails are sent to top managers informing them about the security hole.
0
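One way to write the authentication-mode check described above, extended to report the state of the sa login (renamed, disabled, policy-checked) that came up earlier in the thread. This is an added example, not the job the commenter describes or any participant's code; the output column names and the error text are this example's own.

```sql
-- Added example (not from the thread). Intended to be run per instance
-- by a scheduler that treats a raised error as an incident.

-- 1. Authentication mode plus the state of the built-in sa login.
--    sid 0x01 identifies sa even after a rename.
SELECT @@SERVERNAME AS instance_name,
       CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 1 THEN 'Windows Authentication only'
            ELSE 'Mixed mode (SQL logins allowed)'
       END                     AS auth_mode,
       l.name                  AS sa_current_name,
       l.is_disabled           AS sa_is_disabled,
       l.is_policy_checked     AS sa_policy_checked,
       l.is_expiration_checked AS sa_expiration_checked,
       l.modify_date           AS sa_last_modified
FROM sys.sql_logins AS l
WHERE l.sid = 0x01;

-- 2. Other enabled SQL logins. Under a Windows-only policy this list is
--    what would have to migrate to Windows/AD accounts.
SELECT name, create_date, modify_date, is_policy_checked
FROM sys.sql_logins
WHERE is_disabled = 0
  AND sid <> 0x01
  AND name NOT LIKE '##%';   -- skip internal certificate-based logins

-- 3. Fail loudly when the instance is not Windows-only, so the calling
--    scheduler can raise the alert.
DECLARE @instance sysname;
SET @instance = @@SERVERNAME;

IF CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) <> 1
    RAISERROR(N'Authentication mode is not Windows-only on %s.',
              16, 1, @instance);
```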
 
Zberteoc commented:
Especially in a Swiss bank... :o)
1
