Hi everyone,
I have a customer that wants to remove a power user
from her company.
She has given him the SA password (against my advise)
and he has his own user account setup in the database.
I am not sure if he has created any backdoor(s) into the
SQL box or not - I left him kinda on his own and didn't
pay too much attention to him.
I assume people have faced this problem before,
and i am looking for a best practices or "here is what we did"
post mortem of how they handled the issue.
thanks
tonyChange the sa password (you have no apps accessing via sa right)?
Check all the high permissions roles (sysadmins, securityadmins etc) and account for all the logins associated with them. Be very suspicious of any that are not domain accounts.
That would do for starters.
Future ref - always give permissions like that to domain accounts not SQL ones.|||The Flump speaks wisdom.
Also check for any new SQL Agent jobs.|||Thanks for the info -
Agent jobs was checked and double checked.
Also did a grep on the stored procs for any create users references
I am going to make a backup of the database and restore it
into a virtual machine, change the SA and the users password
without deleting the user.
I will leave the server running for a day or so looking for issues before the production server is touched.
Thanks again for ALL the hep!
take care
tony|||The Flump speaks wisdom.
Shouldn't this already be in his sig by now? :p
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment