Hi,
I'm currently working with a client that has had their DBA leave. This person had the "keys to the kingdom", with unfettered access to anything and everything, with zero effective controls in place. There is a concern that attempts may be made to gain unauthorised access to the system.
I'll be looking after things until the client finds a new DBA. Today is day one. I'm a classic "accidental DBA". What are the items that should be on my to do / to monitor checklist (aside from the usual backup jobs and overnight process checks)?
I have done the following:
Disabled the previous DBA's logins (plus a few suspect logins that have far too many access rights for my liking).
Set up full login auditing on all servers under my control, which will kick in later today once I have a window for the required restarts.
Cycled the error logs to make sure I don't have to wait an eternity for xp_readerrorlog to show me who has tried to log in when I run it each morning.
Killed a bunch of inactive spids associated with the DBA's login.
I'm running version 9.00.4262.00 in a Windows Server 2003 environment.
I'm now seeing a SQL Server login that having been revoked appears to be running automatic attempts to connect at 5 minute intervals. Is there a way of finding out the process that is trying to connect via this login?
Any advice would be greatly appreciated.
Thanks, Iain