All SQL Server administrators have heard about the SA account, how insecure it is, and how many vulnerabilities exist that enable someone to break into our SQL Server. Microsoft suggests using Windows Authentication Mode instead of Mixed Mode. Mixed Mode exists only for backward compatibility. The safest solution would be to disable the SA account and forget about the problem. However, the world is not ideal, and sometimes we have to use legacy 3rd party applications which require Mixed Mode. In those situations we can rename the SA account to make it harder to crack. Renaming the Administrator account(s) is a standard practice used by Windows domain administrators, so we will try to implement the same on SQL Server. We can rename the SA account in SQL Server 2005 and SQL Server 2008.
It is worth remembering that renaming the SA account does not change its SID; the SA account always has a SID with value 0x01.
We start by checking the sys.syslogins table.
select sid, name, hasaccess, sysadmin
from sys.syslogins
where sid = 0x01
| sid | name | hasaccess | sysadmin |
| 0x01 | sa | 1 | 1 |
Next we will change the name of the SA account and verify that the change was successful.
alter login sa with name = MySaAccount
Command(s) completed successfully.
select sid, name, hasaccess, sysadmin
from sys.syslogins
where sid = 0x01
| sid | name | hasaccess | sysadmin |
| 0x01 | MySaAccount | 1 | 1 |
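Because the SID stays 0x01 after the rename, an audit should look the account up by SID rather than by name. The query below is an added example, not part of the original article; it uses the sys.sql_logins catalog view and SERVERPROPERTY to report the authentication mode together with the built-in login's current name, whether it is disabled, and whether password policy is enforced on it. The column aliases are chosen for illustration.

```sql
-- Added example: audit the built-in SA login by its fixed SID (0x01),
-- so the check keeps working after the login has been renamed.
SELECT
    -- 1 = Windows Authentication only, 0 = Mixed Mode
    CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
        WHEN 1 THEN 'Windows Authentication only'
        ELSE 'Mixed Mode'
    END                          AS auth_mode,
    l.name                       AS current_name,
    CASE WHEN l.name = 'sa'
        THEN 'not renamed'
        ELSE 'renamed'
    END                          AS rename_status,
    l.is_disabled,               -- 1 = login cannot connect
    l.is_policy_checked,         -- 1 = Windows password policy enforced
    l.is_expiration_checked,     -- 1 = password expiration enforced
    l.modify_date                -- last change to the login (e.g. the rename)
FROM sys.sql_logins AS l
WHERE l.sid = 0x01;

-- If no application needs the account, disable it as well.
-- MySaAccount is the new name used in the article above.
-- ALTER LOGIN MySaAccount DISABLE;
```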