SA do I need to remember the password

Question

Post reply

SA do I need to remember the password

Viewing 5 posts - 16 through 19 (of 19 total)

You must be logged in to reply to this topic. Login to reply

K. Brian Kelley SSC Guru Points: 114532 More actions · Answer 1

Heh. That's funny. Great Plains is now owned by Microsoft. Let's hope they get it fixed. They fixed BizTalk Server so it can use Windows authentication, so I don't see why they wouldn't proceed with Great Plains eventually.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/

K. Brian Kelley
@kbriankelley

PBirch SSCrazy Eights Points: 8483 More actions · Answer 2

PBirch

SSCrazy Eights

Points: 8483

November 13, 2003 at 1:20 pm

#481952

Yes, it was a real pain when we realized that Great Plains HAD to have the SA rights.

Poor thought process.

Dr. Peter Venkman: Generally you don't see that kind of behavior in a major appliance.

Patrick

Quand on parle du loup, on en voit la queue

Sopheap Suy SSCertifiable Points: 7893 More actions · Answer 3

Sopheap Suy

SSCertifiable

Points: 7893

November 13, 2003 at 1:29 pm

#481956

I don't see any reason why you would want to login as domain admin to access SQL server to do admin work on sql server. We generally remove domain admin login from sql server login as well as buildin\administrators. We do have other domain service account and of course sa if we really need to use it.

mom

K. Brian Kelley SSC Guru Points: 114532 More actions · Answer 4

Agreed. If you follow the Principle of Least Privilege, only the appropriate DBAs would have sysadmin rights. This would also involve removing the BUILTIN\Administrators group (once the appropriate DBA group had been added and granted sysadmin role membership). A normal system administrator in a company big enough to have a distinction between the system administrator and the DBA usually doesn't need elevated privs into SQL Server.

K. Brian Kelley

http://www.truthsolutions.com/

Author: Start to Finish Guide to SQL Server Performance Monitoring

http://www.netimpress.com/

K. Brian Kelley
@kbriankelley

iadams SSCommitted Points: 1920 More actions · Answer 5

I think Microsoft made Great Plains use the SA by design not by default. GP goes into SQLServer as SA and does all kinds of "System Administrator" kind if stuff when setting up users and customizing the application. Its a real pain as the DBA to work with this because the Director of Finance wantes to know the SA password and as a result her consultants also got hold of it. Kind of a security nightmare! I'm now using ADP and it used its own SYSADM login to do "System Administrator" kind of stuff. So SA is safe again.

A quick note on ADP: It was setup by ADP consultants before I got here. They did the SQL server install too. And they left the SA password Blank!

-Isaiah