Post reply

Find SA password and determine which databases are using the SA login account

  • September 14, 2004 at 6:37 am

    #86380

    I need to find a way to determine what is the password for the SA user account in SQL.  This account was created by another dba who has left.  I went to change the password for the SA account and now I'm unable to run queries.  I get a prompt asking me for the user login and password.

    In addition, I'm trying to find a way to determine what databases are using the SA login account.  Does anyone know of any queries that allow me to extract this information?

    I would greatly appreciate any leads.

  • September 14, 2004 at 8:10 am

    #522962

    There are several tools and scripts to find a sa password. Check out these to links as a starter:

    http://qa.sqlservercentral.com/columnists/jgama/sqlserverpasswordauditing.asp

    http://www.nextgenss.com/sqlcrack.htm

     

    About the queries using the sa account you might try running a profiler trace. Anyway applications shouldn't use this account at all.

    M

    [font="Verdana"]Markus Bohse[/font]

  • September 15, 2004 at 6:04 am

    #523127

    i think if you just log on to the machine hosting the database as an administrator, logon using a trusted connection, you should be able to change the sa password at that point. 

     

     

  • September 15, 2004 at 6:11 am

    #523129

    I am able to change the password.  However, we have databases that use that login.  When I attempt to query on the database once the SA password has been changed, I get a login/password prompt that appears when I got to run the query.

    Before I changed the sa password, I found an article with a way to save the existing passwords. 

    http://support.microsoft.com/default.aspx?scid=kb;en-us;246133

    I had a feeling I might run into trouble changing that password.  I used ran this stored procedure to have a copy of the old password in case I needed to restore it.  I'm glad I ran the query.  The old password is hashed so I can't make it out.

    I don't know what to try to next.

     

  • September 15, 2004 at 3:09 pm

    #523242

    Considering that handing out the SA password to users/developers, etc, is a serious security risk, I think I'd tell them that I will create them a new id with the permissions they require, and let them use that.  A lot of vendors will tell you that they HAVE to have SA, but most can get by without it.

    Steve

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply