Sa Password Changed Automatically

omar mallis 1 Reputation point
2022-03-01T07:04:25.557+00:00

When I access SQL Server 2017 from my app, using a static IP from an outside PC, the sa password changed automatically, and I am sure nobody changed it.

SQL Server | Other

3 answers

  1. Olaf Helper 47,436 Reputation points
    2022-03-01T07:11:23.857+00:00

    Impossible; passwords in SQL Server are never changed by the system.
    Why do you think so? You can't look up the password in clear text anywhere.


  2. AmeliaGu-MSFT 14,006 Reputation points Microsoft External Staff
    2022-03-01T08:26:53.71+00:00

    Hi omarmallis-2510,
    Welcome to Microsoft Q&A.

    "the sa password changed automatically, and I am sure nobody changed it."

    Agree with Olaf. It seems someone changed the sa password.
    You can use SQL Server audit and a SQL Server audit specification to track who changes the sa password.
    For example:

    CREATE SERVER AUDIT SQLAudit  
    TO FILE ( FILEPATH ='C:\audits\' )  
    WITH ( QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE );  
    GO  
      
    CREATE SERVER AUDIT SPECIFICATION UserPwd_change  
    FOR SERVER AUDIT SQLAudit  
    ADD (LOGIN_CHANGE_PASSWORD_GROUP);  
    GO  
      
    ALTER SERVER AUDIT SQLAudit  
    WITH (STATE = ON);  
    GO  
      
    ALTER SERVER AUDIT SPECIFICATION UserPwd_change  
    WITH (STATE = ON);  
    GO  
    

    Then you can view the SQL Server audit log in SSMS: in Object Explorer, expand Security -> Audits,
    right-click the audit log that you want to view, and select View Audit Log.

    Please also check this article which might be helpful.
    Best Regards,
    Amelia


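Added example (not part of the answer above or of Microsoft's documentation): once the audit from that answer is running, the audit files can also be read with T-SQL instead of the SSMS viewer. It assumes the `C:\audits\` file path used in the answer and a login still named `sa`; the column aliases are chosen for this example.

```sql
-- Added example: list password-related audit events that targeted the sa login.
-- Assumes the audit writes to C:\audits\ (the FILEPATH used in the answer above).
-- Reading audit files with sys.fn_get_audit_file requires CONTROL SERVER.
SELECT
    f.event_time                    AS event_time_utc,    -- audit timestamps are stored in UTC
    a.name                          AS action_name,       -- readable name for action_id
    f.succeeded,                                          -- 1 = the change went through
    f.session_server_principal_name AS session_login,     -- login that opened the session
    f.server_principal_name         AS effective_login,   -- differs from session_login under EXECUTE AS
    f.target_server_principal_name  AS login_changed,
    f.client_ip,                                          -- available in SQL Server 2017 and later
    f.application_name,                                   -- available in SQL Server 2017 and later
    f.statement
FROM sys.fn_get_audit_file(N'C:\audits\*.sqlaudit', DEFAULT, DEFAULT) AS f
-- sys.dm_audit_actions can hold several rows per action_id, so take one row
-- from the audit action group that the specification in the answer enables.
CROSS APPLY (
    SELECT TOP (1) d.name
    FROM sys.dm_audit_actions AS d
    WHERE d.action_id = f.action_id
      AND d.containing_group_name = N'LOGIN_CHANGE_PASSWORD_GROUP'
) AS a
WHERE f.target_server_principal_name = N'sa'
   OR f.object_name = N'sa'
ORDER BY f.event_time DESC;
```

The `session_login`, `client_ip` and `application_name` columns together show which account, machine and program issued the change, which is the evidence needed to tell an administrator's action or an application's own `ALTER LOGIN` apart from an unknown remote client.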

  3. Tom Phillips 17,771 Reputation points
    2022-03-01T12:41:07.207+00:00

    What you describe is not possible, unless someone has hacked your server.

    You should not be using the "sa" user at all. The account should be disabled. This is a huge security risk.

    https://www.mssqltips.com/sqlservertip/3695/best-practices-to-secure-the-sql-server-sa-account/

