Menu
I am a beginner in database field and this question might sound too stupid but I want to know why there is a login called sa and can I delete it?
I want to delete it because it seems to have pretty serious privileges on database server!
If it matters, I am using SQL Server Express 2008.
906
You cannot drop the sa login, but you can disable it. If you select Windows Authentication when installing SQL Server, the database engine assigns a random password to the account and automatically disables it. If you then switch to SQL Server Authentication, the login remains disabled, and you must manually enable it.
It is therefore widely considered good security practice to disable the sa account altogether. And as an extra precaution, rename the account and change its password. Other admin accounts can be created as required. To disable the sa account using T-SQL, simply use the ALTER LOGIN statement.
Disable the SA Login You can use the below T-SQL to disable SA account. --Query to disable the SA account. ALTER LOGIN sa DISABLE; This query will check the status of the SA account.
Because the sa account is well known and often targeted by malicious users, do not enable the sa account unless your application requires it.
You can't remove the sa account but you can rename and/or disable it. Arguably this is good practice as otherwise you have a known username that an attacker could launch a brute force password attack against.
Just make sure if you disable the sa account that you have another account with administrator privileges.
197
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
