Solved

Forgotton SQL Server 2008 SA Password

Posted on 2016-09-12
13
30 Views
Last Modified: 2016-09-12
Hello,

I have an instance of SAGE DB installed but I do not no the password to the SA account. My own account has access to the DB via SQL Express Management Studio so I have admin rights to reset the password for SA but I want to know if this is a safe thing to do or if it will cause problems? I am not a SQL expert so don't want to cause unnecessary problems.

Thanks,
0
Comment
Question by:gbarnes0990
  • 5
  • 4
  • 2
  • +1
13 Comments
 
LVL 5

Expert Comment

by:chanderpal singh rathore
ID: 41793995
Hi ,

You can reset the password by logging  from windows authentication instead of 'sa"  and there is no issues in that.
0
 

Author Comment

by:gbarnes0990
ID: 41793997
Thanks Chanderpal. I have a Windows Authentication account I can login with. Just to be clear I can use this to reset the SA password? Theres no chance the SA account has dependancies in SQL that would cause problems once I reset the password?
0
 
LVL 5

Accepted Solution

by:
chanderpal singh rathore earned 500 total points
ID: 41794000
No there is no problem in doing that as I have done it many times, when I forgot the password.

This is the same process if you want to change the password so there is no issue by using windows authentication for resetting "sa" password.
0
 
LVL 45

Expert Comment

by:Vitor Montalvão
ID: 41794008
I want to know if this is a safe thing to do or if it will cause problems?
It depends. Do you have any process that's using SA account to run task over the SQL Server instance or databases? If affirmative then those processes will return error so remember to reapply the new credentials of SA on those processes.
If you're sure that SA is not using anywhere then it's very safe to change the password.
0
 

Author Closing Comment

by:gbarnes0990
ID: 41794018
Changed password and all seems ok. Change was made before last expert comment came in.
0
 
LVL 45

Expert Comment

by:Vitor Montalvão
ID: 41794020
Now wait for the side effects. If any then reentry the new password for the SA credentials where it's failing.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 26

Expert Comment

by:Zberteoc
ID: 41794143
The sa account is the default login and user that is setup at the moment of teh SQL sever installation. The account does not have to be use and the best practices tell you shouldn't use it. Because is the default account all the hackers will try to use it first in order to break into a SQL server. For this reason when you setup the password it should be a very complicated one and you should write in down in a safe place. This account also can be used as a safe backdoor sometimes if after you setup a SQL server you don't have any other sysadmin login to use. In any case the idea is that yous should not use this account in applications but only for admin purposes or is in SQL jobs that are meant for administrative tasks and should be free of any personalized login/user dependences. In this case, if you have jobs that run under the sa account they will fail if you change the password and you will have to update it. If it is used in any application, even internal one, you should change that login with another one that you can create or choose from existing with the sufficient permissions it needs.

Some go the distance to rename the sa login or even disable it. Here is a good article that explains how can you secure the sa login:

https://www.mssqltips.com/sqlservertip/3695/best-practices-to-secure-the-sql-server-sa-account/
0
 
LVL 45

Expert Comment

by:Vitor Montalvão
ID: 41794156
In that article is missing the most obvious one:
- Configure SQL Server instance to use only Windows Authentication. This way SA user will be never able to login even if everybody knows the password.
0
 
LVL 26

Expert Comment

by:Zberteoc
ID: 41794170
That is not recommendable because in that case you cannot use SQL users on the server.
0
 
LVL 45

Expert Comment

by:Vitor Montalvão
ID: 41794182
Correct. That's why is recommendable. Let the AD do all the security work.
We have it here in more than 4000 SQL Server instances. No SQL logins are allowed in this company for many years already. Microsoft also doesn't recommend it. Just check their Authentication mode article:
"Windows Authentication is the default authentication mode, and is much more secure than SQL Server Authentication.
(...)
Important:
When possible, use Windows Authentication"
0
 
LVL 26

Expert Comment

by:Zberteoc
ID: 41794198
The last point is the most important:
Important:
When possible, use Windows Authentication"


There is nothing wrong with SQL authentication if the setup is correct and many prefer it. In the case of your company it is just a policy.
0
 
LVL 45

Expert Comment

by:Vitor Montalvão
ID: 41794208
Nothing wrong but when you work in a bank where security is more important than everything (even performance) this is one of the first things to set. We even have a night job that runs over all SQL Server instances to check if nobody changed the authentication mode. If it finds a change then an incident is immediately raised and emails sent to top managers informing about the security hole.
0
 
LVL 26

Expert Comment

by:Zberteoc
ID: 41794224
Especially in a Swiss bank... :o)
1

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now