jsheldon (5/15/2008)
I have changed sa but really what is stopping the person from going to AD, changing my password, then logging into SQL, change 'sa' then do damage
Nothing, but that leaves evidence - the fact that you can't log in cause your password has changed
Also, nothing stops them restarting SQL in single user mode, which gives local admin sysadmin rights
Nothing stops them from shutting down SQL and deletng or corrupting data files.
You can make things more difficult, but you cannot prevent them. There's no real way to protect a system against an administrator.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
We walk in the dark places no others will enter
We stand on the bridge and no one may pass