Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sa user and sqluser

Status
Not open for further replies.
KATHY

KATHY

MIS
Jul 16, 1999
6
0
0
US
I am new to SQL 2000. I am very familiar with AD and rights through AD. The mgr of the dept had me change the sa password on the SQL server - local user. It was null (no password). Now that I have done that, I am worried that this will affect some of the SQL processes. Will it? Where is sa used in SQL? Also I did not setup the SQL server and I am trying to check all admin rights since whomever set it up made about everyone an admin - there is an SQL User sqluser in AD that has admin and domain admin rights - is that a default user or just one that the vendor setup when he installed SQL?
 
Sort by date Sort by votes
Kathy,
Check your SQL Server's authentication mode by right-clicking it from SQL Enterprise Manager and clicking the security tab. If it's set to Windows authentication only, then the SA password is pretty much irrelevant because the only way processes and users can connect to SQL Server is via Windows Authentication - meaning they have to have a local or domain level windows account. For more information on the security modes, see SQL Server Books Online Topic Administering SQL Server > Managing Security. In fact, since you're new to SQL Server, Books online is the best place to start for the whys and howtos of SQL Server. In my opinion it is one of the better pieces of documentation I have ever read.

If you are set for mixed mode, then the SA password could matter, but mainly to external applications or scripts that connect using SA. I guess you could monitor activity on the SQL Server to see if any job or user is connecting as SA. You can use SQL Profiler to monitor logins, or enable login auditing (Set from where you change the security mode from mixed to windows only).

Hope this helps!
 
Upvote 0 Downvote
sa is system admin. This login has rights to do anything to the database and cannot be restricted. It is a bad thing to allow anyone to connct as sa and even worse for the sa to have no password. This is just asking to get your database hacked into. Since you changed the password already and you didn't mention anyone screaming becasue their appilcation no longer works, probably you caught this in time and no one is using sa to log in. The sqluser login was set up by whoever managed the database before you. It probably is the one the application uses to connect.
It concerns me that everyone has admin rights. This is a bad practice and you probably need to consider what rights each login should have, so that people can't get access to what they shouldn't be able to see or change.
If you do decide to set up rights, don't do it by individual, set up roles and do it through those. Much easier to maintain.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

peac3
  • Locked
  • Question
Gaps and islands
Replies
8
Views
131
Chris Miller
Chris Miller
peac3
  • Locked
  • Question
Derive staus date time by aligning start and end datetime
Replies
7
Views
116
Andrzejek
Andrzejek
grnzbra
  • Locked
  • Question
Adding Text to and XML Field 1
Replies
2
Views
75
grnzbra
grnzbra
TheBugSlayer
  • Locked
  • Question
Transaction with SELECT and UPDATE with XLOCK causing deadlocks 2
Replies
10
Views
175
gmmastros
gmmastros
Andrzejek
  • Locked
  • Question
Data types and sizes
Replies
18
Views
171
gmmastros
gmmastros

Part and Inventory Search

Sponsor

Back
Top