Prevent Sa user from remote login

Question

Hi all i have a query regarding login authentication.

Is there any way to prevent sa user from remote login other than WINDOW AUTHENTICATION AND ACTIVE DIRECTORY AUTHENTICATIONS?

How can we prevent sa user from remote login using SSMS?

-- Krishnakant Joshi

Answer 1

0

I think you should specify the reason why you want this. Then we could lead you to a better path.

As far as how it could be done is, At the moment I can only think of a DDL LOGON TRIGGER as the solution

You could try something like this in the LOGON TRIGGER

IF SUSER_SNAME() = 'sa'
BEGIN
IF HOST_NAME() <> 'YOURSERVERNAME'
ROLLBACK
END

OR

DECLARE @Ipadress VARCHAR(48)
IF SUSER_SNAME() = 'sa'
BEGIN
        SELECT  @Ipadress = [client_net_address]
        FROM    sys.[dm_exec_connections]
        WHERE   [session_id] = @@SPID

       IF @Ipadress NOT IN ( '<local machine>', 'YOURSERVERIP') 
            ROLLBACK
END

Hope it will help your cause, but please do let us know why you want it.

answered Dec 20 '11 at 05:42 AM

Usman Butt
13.8k ● 6 ● 8 ● 14

+1 here's more on logon triggers

http://technet.microsoft.com/dd898898.aspx

Dec 20 '11 at 10:25 AM Scot Hauder

Hi Usman,

Thanks for the reply. You have solved my query. There is no specific reason behind this question. One day i was just reading an article about authentication in SQL server which raised this question. :) Thanks Again

Dec 27 '11 at 11:26 PM krishnakantj

(comments are locked)

Answer 2

0

Your best solution to prevent remote login by the 'sa' account is to change the password and stop letting people use it. Security wise, this account should not be used for day-to-day activity.

If access is required by a user or application, a dedicated account should be created so you know who is doing what in your system.

answered Dec 20 '11 at 08:43 AM

Shawn_Melton
4.7k ● 13 ● 18 ● 27

(comments are locked)

Prevent Sa user from remote login

Follow this question

Related Questions