summary
This article is discussed step by step to change SQL Server
The step of the SA (System Administrator) password.
You can configure Microsoft SQL Server Desktop Engine (MSDE) 2000 version or earlier to run in mixed authentication mode.
The SA account is created during the installation process, and
SA has full permissions in the SQL Server environment. by default,
The SA password is empty (NULL) unless you change the password when you run the MSDE installer. In order to meet the requirements of the best solution, it must be used in the first time.
The SA password is changed to strong password.
Back to top
How to verify that the SA password is empty
1. Open the command prompt window in the host computer that is being connected to the MSDE instance. 2. Type the following command at the command prompt, then press ENTER: OSQL -U SA can connect to the local default instance of MSDE via the SA account. To connect to a named instance installed on your computer, type: OSQL -U SA -S ServerName / InstanceName will appear below: Password: 3. Press the Enter again. This will deliver a NULL (empty) password for SA. If you appear after pressing the ENTER button, you have no password on the SA account: 1> In order to meet the requirements of the security program, Microsoft recommends you to create a non-empty strong password. However, if you receive the following error message, you indicate that your password is incorrect. This error message indicates that the password has been created for the SA account:
"Login Failed for User 'Sa'."
The following error message indicates that the computer that runs SQL Server is only for Windows authentication:
Login Faled for User 'sa'.reason: NOT Associated with a trusted SQL Server Connection.
The SA password cannot be verified in Windows Authentication mode. However, you can create a SA password so that the SA account is still safe when the authentication mode is changed to a mixed mode. If you receive the following error message, the SQL Server may not run, or you may have an error name for the installed SQL Server named instance:
[Shared Memory] SQL Server Does NOT EXIST OR ACCESS DENIED.
[Shared Memory] ConnectionOpen (Connect ()).
Back to top
How to change the SA password
1. Open the command prompt window in the host computer that is being connected to the MSDE instance. 2. Type the command below, press Enter: OSQL -U SA At the Password: prompt, press ENTER (if the password is empty) or type the current password. This allows the SA account to connect to the local default instance of the MSDE. To connect using Windows authentication, type this command: use osql -e3. Type the following command in each separate line, then press ENTER: sp_password @old = null, @new = 'complexpwd', @loginame = 'sa '
Go
Note: Make sure that "ComplexPWD" is replaced with a new strong password. Strong code includes alphanumeric and special characters and combinations of case characters. You will receive the following prompt information, indicating that the password has been successfully changed:
Password changed.
Back to top How to determine or change your authentication mode
Important: This article contains information about modifying the registry. Before modifying the registry, you must back up the registry and must know how to restore the registry when there is a problem. For information on how to back up, restore, and edit the registry, click the article number below to view the article in the Microsoft Knowledge Base:
256986 Microsoft Windows Registry Description
WARNING: If you use improper use of the registry editor, you may need to reinstall the operating system. Microsoft does not guarantee that you can solve problems caused by improper use of registry editors. Use Registry Editor at your own risk.
If you cannot determine how to verify the authentication mode of the MSDE installation, you can view the appropriate registry key. By default, for Windows Authentication, Windows
The value of the loginmode registry subkey is set to 1. This value is 2 if a hybrid mode authentication is enabled.
• The location of the LoginMode child depends on whether you are installing MSDE as the default MSDE instance or as a named instance. If MSDE is installed as a default instance, the LoginMode child is located in the following registry subkey:
HKLM / Software / Microsoft / MSSQLSERVER / MSSQLSERVER / LOGINMODE
• If the MSDE is installed as a named instance, the LoginMode sub-item is located in the following registry subkey:
HKLM / Software / Microsoft / Microsoft SQL Server /% InstanceName% / MSSQLSERVER / LOGINMODE
Note: You must set it before switching the authentication mode.
SA password to avoid exposure of potential security vulnerabilities.
For additional information, click the article number below to see the article in the Microsoft Knowledge Base:
274773 FIX: IF you change Windows Security To Windows / SQL Security THE SA Password Is Blank
To switch from a hybrid mode to an integrated (Windows) authentication mode, follow these steps:
1. To stop MSSQLServer, all other related services (such as SQLServerAgent), open the service program in the Control Panel. 2. Open the Registry Editor. To open a registry editor, click Start and Run in turn, then type: "regedt32" (excluding quotation marks) Click OK. 3. Find one of the following two subtries (depending on whether the MSDE is installed as the default MSDE instance or is installed as a named instance):
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / MSSQLSERVER / MSSQLServer
- or -
HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Microsoft SQL Server /
4. In the right pane, double-click the LoginMode child. 5. In the DWORD Editor dialog box, set the value of this subkey to 1. Make sure the HEX option is selected, and then click OK. 6. Restart the MSSQLServer and SQLServerAgent services to make changes to take effect.
Back to top
The best security scheme for SQL Server installation will enhance the security of the system, and they are all standard security "best solutions" for any SQL Server installation.
• Use non-empty password to protect the SA login account. Some worms will only occur when you do not take security to the SA login account. For additional information, click the article number below to see the article in the Microsoft Knowledge Base: 313418 PRB: Using Air (NULL) SA password non-secure SQL Server will give the worm program
Therefore, to ensure that the built-in SA account has strong password, you must follow the recommendations in the System Administrator (SA login "topic of SQL Server (even if you have never used SA account). • Blocking the port 1433 located in the Internet Gateway and assigning the SQL Server listening alternate port. • If you must use port 1433 on the Internet Gateway, enable the extract filtering to prevent misuse ports. • Run SQL Server service and SQL Server Agent at the Microsoft Windows NT account (instead of local system account). • Enable Microsoft Windows NT authentication and then enable an audit for success and failure login. Then, stop and restart the MSSQLServer service. Configure your client to use Windows NT authentication.
Back to top
reference
For additional information about how to use the empty SA password, click the article number below to view the article in the Microsoft Knowledge Base:
313418 PRB: Non-secure SQL Server using empty (NULL) SA password will give the worm program
For additional information about SQL Server 2000 Service Pack 1 Subsequent Version Behavior, click the article number below to see the article in the Microsoft Knowledge Base:
274773 FIX: IF you change Windows Security To Windows / SQL Security THE SA Password Is Blank
