Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2005 Forums
 SQL Server Administration (2005)
 Changing SA Password

Author  Topic 

pareshmotiwala
Constraint Violating Yak Guru

323 Posts
Posted - 2007-03-27 : 17:01:54
Is there a thread that says what should we be looking for if I change password for SA?

I am new to the org here and have to clamp down on the SA logins.

This is what comes to my mind:

1. Client apps:
====================
a. Hard coded into VB apps
b. File DSNs
c. System DSNs

2. Web app:
================
a. Hard coded into .asp and .aspx
b. .inc files that have collective connection strings.
c. Possible use of file DSNs
d. Possibly use of system DSNs

3. Ad-hoc Queries by Users
===============================

4. Maintenance Plans and Jobs etc.
=======================================
a. DTS packages
b. Replication

Is there anything else that you can add to this list will be helpful.
Regards
Paresh

Regards
Paresh Motiwala
Boston, USA

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2007-03-27 : 17:49:03
sa password hard-coded into applications or config files?! It's more important to correct that then to change the password.

Tara Kizer
http://weblogs.sqlteam.com/tarad/
Go to Top of Page

Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)

7020 Posts
Posted - 2007-03-27 : 20:50:49
If you never give anyone the sa password, then you don't have these problems.

Just change the password and see what breaks.



CODO ERGO SUM
Go to Top of Page

pareshmotiwala
Constraint Violating Yak Guru

323 Posts
Posted - 2007-03-28 : 09:41:31
Hi Tara and Michael. I am new to this customer site. So far the developers ruled the roost. I have been brought in to rectify and bring discipline to this.
But, if there is anything else that comes to your mind, please do let me know.
One of my colleagues from my previous life has added one more item. He remembered to put in any OSQL or Batch Jobs that use SA passwords.
Cheers and Thanks
Paresh

Regards
Paresh Motiwala
Boston, USA
Go to Top of Page

mcrowley
Aged Yak Warrior

771 Posts
Posted - 2007-03-28 : 10:25:28
Passwords are not actually stored in the System DSNs. The username is kept in the registry, but I do not believe it actually is used for anything other than the test at the end of the DSN setup. The password is discarded. As such, you do not need to change any DSN.
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site