Search sqlserver-dba.com
Follow sqlserver-dba.com
For any SQL Server issue send email to: jack@sqlserver-dba.com
SQLServer-DBA.com Links
Recent Posts
- How to fix Msg 7390 - The requested operation could be performed
- How to find physical path for SQL Server backup on Container
- How to fix Msg 7347 - linked server returned data that does not match expected data length for column
- How to check SQL Server Filegroup file sizes
- How to check if SQL Server Agent is running using t-sql
- How to check if Puppet is reboots a windows server with Powershell
- How To Use Transparent Data Encryption To Increase Your Security
- Quick Fix: How to display hours minutes seconds between two dates
- Use Get-ADPrincipalGroupMembership with other Active Directory domains
- On-Demand Instant File Initialization status with sys.dm_server_services
04 July,2019 by Jack Vamvas
Often organisations have a SQL server security policy dictating the 'sa' login is disabled. There is some sound reasoning behind this policy. The primary reason is to decreases the surface area available to attack - and is a common principle of security.
When this is a requirement - I'll add some code to disable 'sa' as part of the build and certification process. But , from time to time - the 'sa' login will be re enabled, so it's important to build an alerting or reporting mechanism identifying the exception.
The sql statement to check if 'sa' is disabled.
SELECT name, is_disabled FROM sys.server_principals where name='sa'
To disable the 'sa' login use
ALTER LOGIN sa DISABLE;
Normally - I build these checks into a daily Health Check or a custom alert .
There are other tactics employed to disguise\block logins to sa - for example , renaming the sa is common method used.
Read more on SQL Server security
SQL Server Security Violations Report for t-sql tuesday (SQL Server ...
Powershell sql server security audit (SQL Server DBA)
Database Security Countermeasures against hacker attacks (SQL ...
Author: Jack Vamvas (http://www.sqlserver-dba.com)
Share:
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |