pramod21
Yak Posting Veteran
64 Posts |
Posted - 2012-02-27 : 22:59:52
|
Hi, I find my sa password is changing on a daily basis. Why??? Kindly tell me the solution. Thanks. |
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2012-02-28 : 01:47:17
|
I'd avoid using "sa" as a logon account. I'd recommend running a trace using Audit logon. Also, check the password policy.
Jack Vamvas
--------------------
http://www.sqlserver-dba.com |
 |
|
GilaMonster
Master Smack Fu Yak Hacker
4507 Posts |
Posted - 2012-02-28 : 04:34:53
|
Find whoever's changing it and ask them to stop. Or better suggestion, disable the sa account and use your own login.
--
Gail Shaw
SQL Server MVP |
 |
|
sqldataguy
Starting Member
12 Posts |
Posted - 2012-02-28 : 10:18:48
|
Best practice (IMHO) is to use the SA account to create a new account for the DBA, with SA privileges. Then set the SA password to something ridiculous, write it down, put it in an envelope and put the envelope in the CEO's safe after both he and the DBA have signed it.
Now everything that gets done has the DBA's name on it.
If the DBA quits or needs firing, the CEO can hand the envelope to the new DBA to create his own account.
If the CEO does something stupid in the database, the DBA can show the audit trail and opened envelope to the Board.
And if somebody is trying to hack your system, they know you have an account called SA, so you want that password as protected as possible. They don't know the login your DBA is using. |
 |
|
sqldataguy
Starting Member
12 Posts |
Posted - 2012-02-28 : 10:29:39
|
Hmm, re-reading I realize I didn't answer the question you asked, sorry about that. How many accounts do you have with password resetting privileges? Yes, ask and if you can identify the person resetting SA ask them to stop, then follow the above suggestion. If you can't identify who is doing it (scary!) then follow the above procedure and use your newly created DBA role to turn off the password setting permission for ALL other users. With only you (and the envelope) knowing the SA password, and only you knowing yours, and only those two accounts having the privileges to reset passwords, SA should not change unless you do it. Then, when anybody else comes to you requesting password resetting privileges (or more likely an SA role) you decide if you'll allow that or not.
A last hint, many software vendors are lazy and build interfaces that by default use the SA account to connect with your database. (And then, if you allow them remote access for supporting their application, they also have access to your SQL database!) And if you've really foolishly used the same password for your SA account on different SQL instances then you've given that vendor you think is only supporting one little application access to everything! Put a stop to that. Create a SQL account for each application that needs to interface with your database, limit it to the minimum read/write permissions it needs for that purpose, and tell the lazy vendor that SA is off limits. |
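Added example, not part of any post in this thread: one way to carry out the checks suggested above (when sa was last changed, which logins hold login-management rights, and an audit of future password changes). It assumes a SQL Server version and edition that supports SQL Server Audit; the audit names and the D:\SqlAudit\ path are placeholders.

```sql
-- Added example (not from the thread). Run as a sysadmin on the affected instance.
-- SaPasswordAudit, SaPasswordAuditSpec and D:\SqlAudit\ are placeholder names.

-- 1. When was the sa password last set, and is password policy enforced on it?
SELECT name, is_disabled, is_policy_checked, is_expiration_checked, modify_date,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE sid = 0x01;            -- sa keeps SID 0x01 even if it has been renamed

-- 2a. Logins in the server roles that manage logins (broad list, to be reviewed).
SELECT r.name AS server_role, m.name AS member_login, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'securityadmin');

-- 2b. Logins granted the relevant server permissions directly.
SELECT p.name AS grantee, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN (N'CONTROL SERVER', N'ALTER ANY LOGIN')
  AND sp.state IN ('G', 'W');   -- GRANT and GRANT WITH GRANT OPTION

-- 3. Record every password change from now on.
USE master;
GO
CREATE SERVER AUDIT SaPasswordAudit
    TO FILE (FILEPATH = N'D:\SqlAudit\');   -- folder must already exist
GO
ALTER SERVER AUDIT SaPasswordAudit WITH (STATE = ON);
GO
CREATE SERVER AUDIT SPECIFICATION SaPasswordAuditSpec
    FOR SERVER AUDIT SaPasswordAudit
    ADD (LOGIN_CHANGE_PASSWORD_GROUP)
    WITH (STATE = ON);
GO

-- 4. After the next change, read back which login and session made it.
SELECT event_time, action_id, succeeded, session_id,
       server_principal_name, session_server_principal_name,
       target_server_principal_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\SaPasswordAudit*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

If step 4 shows sa changing its own password, look at applications that connect as sa, which ties in with the vendor point above.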
 |
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2012-02-28 : 13:12:18
|
quote: Originally posted by pramod21
Hi, I find my sa password is changing on a daily basis. Why??? Kindly tell me the solution. Thanks.

Probably to keep you from logging in as sa. |
 |
|
pramod21
Yak Posting Veteran
64 Posts |
Posted - 2012-02-28 : 23:43:18
|
Thank you so much for your suggestions and ideas. |
 |