When I tried to connect (with the 'sa' login) to our SQL server, I got an error message about invalid password. I tried again and again, with the same result.
So, I reconnected to the SQL server in Windows authentication mode and reset the password of 'sa', but the question is whether somebody could remotely change the 'sa' password?
Thanks,
Ilan.
Yes, the sa account's password can be changed remotely. That is, if someone already knows the sa password, they can log in with it, execute "alter login [sa] with password 'new password'" and bada bing the password is changed. Moreover, anyone with the alter any login permission on the server would be able to do the same.
Related
I am logged in to a Windows 7 computer as an admin. I am trying to connect to SQL Server 2012 on the same machine. The SA account is locked out. When I try Windows Authentication, the login fails.
How do I log in now? Is there an external tool to unlock the SA user? I used an external tool to change the SA password. I don't want to reinstall the software.
Read and follow the steps described in Connect to SQL Server When System Administrators Are Locked Out:
start the server in administrative mode with -m or -f
connect as a LUA elevated process (runas administrator)
create a login for youserlf and add it to sysadmin group
For unlocking sa, you just have to connect as a machine administrator to the server. The machine administrators are by default granted access to SQL Server. Once you connect as an administrator, you can run below query:
ALTER LOGIN sa WITH PASSWORD = 'new_password' UNLOCK
When SQL Server SA account is locked out and fails to login with Windows Authentication mode, you can use the third party tool Asunsoft SQL Password Geeker to change/reset SA password.
Asunsoft SQL Password Geeker can instantly reset SA user and other users passwords on SQL Server 2012/2008/2005/20014.
Important: Before you open this tool, firstly stop SQL Server services. And when SA password is successfully reset, do not forget to close this tool and restart SQL Server services.
Now run this tool and do as below:
Click Open File button.
Browse for the master.mdf file and import it into this tool.
Select the sa user and click Reset button.
Type a new sa password and click OK.
If you need more details just refer to How to Use SQL Password Geeker.
Probably you have no permissions to connect to SQL Server using Windows Authentication or Windows Authentication is not available.
Besides login SQL Server 2008 Express with local admin account when Windows Authentication mode is available, there are still other ways that can effective reset SQL Server SA password, such as command and SQL password recovery tool.
To some extent, command would be more difficult to reset SA password than SQL password recovery tool. For example, SQL Password Genius has simplified steps to add master.mdf file, select SA account and set a new password for it. So several clicks has been OK to reset SA password with SQL password recovery tool.
Details about how to reset SA password with command and tool are introduced here: http://www.isunshare.com/sql-password/four-effective-ways-to-change-sql-server-sa-password.html
Recently, I installed SQL Server on my machine, but I forgot the password, eventually I couldn't use SQL Server authentication with the domain user. I tried to reset the password, but I am getting an error:
Cannot use parameter PASSWORD for a Windows login
This is the query I tried:
ALTER LOGIN [xxx\yyy] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [xxx\xxx] WITH PASSWORD=N'password' MUST_CHANGE
GO
Is there any other way to do this?
Any help would be appreciated.
With Windows authentication, I am able to connect to SQL Server. Then I change password for sa, then I try to connect with SQL Server authentication, but I get an error
Login failed for user sa.
Thanks
Assuming you are entering the correct password and it still does not work, you need to enable SQL Server Authentication.
Since a few week, there is a lot of attempt of connection on user 'SA' on my Database, Sql server.
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: xxx.xx.xx.xx]
The IP adresses are all from China.
I think that a hacker try to connect to my Database.
What is the best practices to protect user 'SA' against hackers ?
I need to connect to the Database with Sql server authentification mode.
If i disable the user 'SA', can i still connect with Sql authentification ?
Thanks for any advices.
You may disable SA and enable it only to connect from internal network.
Either you can put your DB behind a firewall.
I have a Windows server 2012 with SQL Server 2012, running on AWS
I have configured the sa user, and I manage to login with it
But, once in a while, I can not login anymore with sa and then I have login with windows authentication reset the sa password, and then everything works fine.
Did anyone encounter that before?
You can try e.g.:
CREATE LOGIN YourLogin WITH PASSWORD='yourpass'
Alter login with:
ALTER LOGIN sa WITH PASSWORD='yourpass', CHECK_POLICY=OFF
GO
ALTER LOGIN sa ENABLE
GO
The CHECK_POLICY=OFF parameter makes the login immune to domain setup changes. Now login with sa
Hope this helps
I suspect you have the 'Enforce password expiration' checkbox ticked on the settings page for the SA user. This will cause it to use the Windows password policy which may have a timeout.
See http://blogs.msdn.com/b/lcris/archive/2008/02/20/sql-server-password-policy-faq.aspx
I was seeing this same thing with my server on an AWS instance. I think the culprit may have been an overly simple sa password (I was using "sa"). I went into the management studio and checked "enforce password policy", unchecked "enforce password expiration, and set a password complex enough to meet the policy...and now it has been up all night without hitting that problem, knock on wood.