Disable and Rename sa, years after buildDoes changing “sa” password require a SQL restart (in mixed...
How can I create unencrypted addresses?
Translation for threshold (figuratively)
What does @ mean in a hostname in DNS configuration?
Can a planet be tidally unlocked?
Why do we divide Permutations to get to Combinations?
How bad is a Computer Science course that doesn't teach Design Patterns?
Is Screenshot Time-tracking Common?
What is the difference between crontab -e and nano /etc/crontab?
SFDX CLI - Locked with an active writer?
Why is quixotic not Quixotic (a proper adjective)?
How do I know my password or backup information is not being shared when creating a new wallet?
What is the reason behind this musical reference to Pinocchio in the Close Encounters main theme?
Multiple null checks in Java 8
In a world with multiracial creatures, what word can be used instead of mankind?
How can I make my enemies feel real and make combat more engaging?
Coworker asking me to not bring cakes due to self control issue. What should I do?
Taking an academic pseudonym?
How can a kingdom keep the secret of a missing monarch from the public?
Does resurrection consume material components if the target isn’t willing to be resurrected?
Are all power cords made equal?
Is it ethical to apply for a job on someone's behalf?
TikZtree with asymmetric siblings
Are there any spells or magic items that allow for making of ‘logic gates or wires’?
Use intersection in field calculator
Disable and Rename sa, years after build
Does changing “sa” password require a SQL restart (in mixed mode)?Build Restore History tableDo multiple SQL Server instances increase security?Rename Availability Group and AG scriptRename SQL log and master database filerename databaseStored Procedure to Rename Table and Column namesSQL Transactional Replication - some tables frozen, but others working fineCalculate drawdown and volatility on 3 yearsIdentifiers: Reuse or RemapUpgrading SSIS Packages to 2017
Answers and comments at a recent popular question Does changing "sa" password require a SQL restart (in mixed mode)? indicate that renaming and disabling sa at build time is a best practice.
Any time you have a well-known account, like administrator on a Windows system or sa for SQL Server, you should take certain steps to secure it. Let's look at specifically what you should do with sa:
Set a hard to guess password.
Rename sa.
Disable sa.
Ensure that no other accounts exist named sa.
Source
But what if it has been years since the instance was built? the original DBA is long gone, I don't know what strange things they might have done. It's a production server, I can't just change make changes to the sa login and fix things as they come to light.
If I rename and disable the sa account years later, what issues might I have?
Can all the possible issues be identified and addressed, before making changes to the sa account?
sql-server best-practices
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
add a comment |
Answers and comments at a recent popular question Does changing "sa" password require a SQL restart (in mixed mode)? indicate that renaming and disabling sa at build time is a best practice.
Any time you have a well-known account, like administrator on a Windows system or sa for SQL Server, you should take certain steps to secure it. Let's look at specifically what you should do with sa:
Set a hard to guess password.
Rename sa.
Disable sa.
Ensure that no other accounts exist named sa.
Source
But what if it has been years since the instance was built? the original DBA is long gone, I don't know what strange things they might have done. It's a production server, I can't just change make changes to the sa login and fix things as they come to light.
If I rename and disable the sa account years later, what issues might I have?
Can all the possible issues be identified and addressed, before making changes to the sa account?
sql-server best-practices
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
testing on development is a good start..
– kevinsky
27 mins ago
2
Can all the possible issues be identified and addressed, before making changes to the sa account?No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.
– Sean Gallardy
19 mins ago
add a comment |
Answers and comments at a recent popular question Does changing "sa" password require a SQL restart (in mixed mode)? indicate that renaming and disabling sa at build time is a best practice.
Any time you have a well-known account, like administrator on a Windows system or sa for SQL Server, you should take certain steps to secure it. Let's look at specifically what you should do with sa:
Set a hard to guess password.
Rename sa.
Disable sa.
Ensure that no other accounts exist named sa.
Source
But what if it has been years since the instance was built? the original DBA is long gone, I don't know what strange things they might have done. It's a production server, I can't just change make changes to the sa login and fix things as they come to light.
If I rename and disable the sa account years later, what issues might I have?
Can all the possible issues be identified and addressed, before making changes to the sa account?
sql-server best-practices
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
Answers and comments at a recent popular question Does changing "sa" password require a SQL restart (in mixed mode)? indicate that renaming and disabling sa at build time is a best practice.
Any time you have a well-known account, like administrator on a Windows system or sa for SQL Server, you should take certain steps to secure it. Let's look at specifically what you should do with sa:
Set a hard to guess password.
Rename sa.
Disable sa.
Ensure that no other accounts exist named sa.
Source
But what if it has been years since the instance was built? the original DBA is long gone, I don't know what strange things they might have done. It's a production server, I can't just change make changes to the sa login and fix things as they come to light.
If I rename and disable the sa account years later, what issues might I have?
Can all the possible issues be identified and addressed, before making changes to the sa account?
sql-server best-practices
sql-server best-practices
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
asked 32 mins ago
James JenkinsJames Jenkins
1,76321938
1,76321938
testing on development is a good start..
– kevinsky
27 mins ago
2
Can all the possible issues be identified and addressed, before making changes to the sa account?No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.
– Sean Gallardy
19 mins ago
add a comment |
testing on development is a good start..
– kevinsky
27 mins ago
2
Can all the possible issues be identified and addressed, before making changes to the sa account?No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.
– Sean Gallardy
19 mins ago
testing on development is a good start..
– kevinsky
27 mins ago
testing on development is a good start..
– kevinsky
27 mins ago
2
2
Can all the possible issues be identified and addressed, before making changes to the sa account? No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.– Sean Gallardy
19 mins ago
Can all the possible issues be identified and addressed, before making changes to the sa account? No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.– Sean Gallardy
19 mins ago
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230412%2fdisable-and-rename-sa-years-after-build%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230412%2fdisable-and-rename-sa-years-after-build%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
testing on development is a good start..
– kevinsky
27 mins ago
2
Can all the possible issues be identified and addressed, before making changes to the sa account?No, some legacy app, somewhere, that only connects once a year, could still be out there. There will always be some cleanup, afterwards.– Sean Gallardy
19 mins ago