SA Accounts

Post by Mike » Thu, 11 Oct 2001 22:07:31



Hi all!

I have a question regarding Standard Practices.  We have 3 SQL Servers in
the building and I wanted to know if it is recommended that the servers have
different SA passwords or the same....and why?

Thank you in advance!

Mike

 
 
 

SA Accounts

Post by Mary Chipma » Thu, 11 Oct 2001 23:14:18


Anyone logging on as sa has full, irrevocable privileges on the
server. Best practice would be to give all three sa logins
hard-to-guess passwords and lock them away in a drawer somewhere.
Don't use the sa login for everyday use--create separate logins for
your system administrators to use--whether this is the same login on
all 3 servers or not depends on whether you want the same person to
administer all 3. Most secure is to not use SQL logins at all and
stick to Windows/NT logins only (go into the Security tab on the
server properties to change this). SQL BOL has good documentation on
security for a more complete discussion of the issues.

-- Mary
Microsoft Access Developer's Guide to SQL Server
http://www.amazon.com/exec/obidos/ASIN/0672319446


>Hi all!

>I have a question regarding Standard Practices.  We have 3 SQL Servers in
>the building and I wanted to know if it is recommended that the servers have
>different SA passwords or the same....and why?

>Thank you in advance!

>Mike


 
 
 

SA Accounts

Post by Sue Hoegemeie » Thu, 11 Oct 2001 23:39:09


In some ways, it may not matter. It's recommended that you
not use the SA account for day-to-day management anyway.
Set up the logins and users and give the appropriate logins
sysadmin access. The SA account should have some cryptic
password and then stash it away - only using it in an
emergency. So if you aren't going to be using that account,
how you manage the passwords for it on different servers
probably doesn't matter.
You can find the 'recommendation' in the SQL Server Security
Whitepaper available at:
http://www.microsoft.com/sql/techinfo/administration/2000/securityWP.asp

--Sue

On Wed, 10 Oct 2001 09:07:31 -0400, "Mike"


>Hi all!

>I have a question regarding Standard Practices.  We have 3 SQL Servers in
>the building and I wanted to know if it is recommended that the servers have
>different SA passwords or the same....and why?

>Thank you in advance!

>Mike
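
One way to check the points raised in the replies above on each of the three servers: authentication mode, the state of the sa login, who holds sysadmin, and obviously weak SQL login passwords. This is an added example, not part of the original thread; it assumes SQL Server 2008 or later, where the catalog views and functions used here exist, and it only reads metadata.

```sql
-- Added example: read-only audit, run on each server in turn.
-- Assumption: SQL Server 2008 or later (sys.server_principals,
-- sys.sql_logins, LOGINPROPERTY and PWDCOMPARE are available).

-- 1. Authentication mode: 1 = Windows logins only, 0 = mixed mode.
SELECT SERVERPROPERTY('ServerName')               AS server_name,
       SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. State of the built-in sa login. It always has SID 0x01, so this
--    row is found even if the login has been renamed.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Every login or Windows group that holds sysadmin. The separate
--    administrator logins should appear here; unexpected entries
--    (for example broad Windows groups) need review.
SELECT m.name      AS member_name,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.type_desc, m.name;

-- 4. SQL logins whose password is blank or identical to the login name.
SELECT name,
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 'blank password'
            ELSE 'password equals login name'
       END AS weakness
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1
   OR PWDCOMPARE(name, password_hash) = 1;
```

Comparing the output of query 3 across the three servers shows whether the same people administer all of them, which is the deciding factor named in the replies.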

 
 
 

1. SA account and SA role

I've been a Sybase DBA for a while, but just got started in MS SQL.

In Sybase, we have the concept of roles, like the sa_role, sso_role, and the
oper_role.

If I assign the sa_role to a login, then that login can do anything that the
sa account can, enabling me to lock the sa account for security reasons.

We just acquired a small software company that has been using MS SQL 6.5,
but they use the sa account for EVERYTHING.  Since I inherited the DBA job
for this MS SQL Server, I wanted to assign myself sa_role and disable the sa
account, but I cannot find any information on how to do that in SQL 6.5.

Help.

They need to use integrated security, which I believe maps anyone in the NT
administrators group to automatically log in as sa.  How can I go around
that?  I don't want anyone to log in as sa.  Never!

Thanks in advance.

-criatura

