sa login

Tumurbaatar S. wrote:

Is there a way to disable or rename SA login?
I've tried to remove it from Sys Admin role but it seems this cannot be done.


Mike Epprecht wrote:

Hi

No. It cannot be renamed, locked or removed from SysAdmin role. You just have to give it a long complicated password as a defense to hacking.

Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: m***@epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/

"Tumurbaatar S." <nospam_tumur@magicnet.mn> wrote in message news:uJgiq#HLFHA.3296@TK2MSFTNGP15.phx.gbl...
> Is there a way to disable or rename SA login?
> I've tried to remove it from Sys Admin role but it seems
> this cannot be done.


Wayne Snyder wrote:

In addition, get into the practice of never using the sa account for anything. It is only there for backwards compatibility anyway - someday you'll get burned.

--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and its community of SQL Server professionals. www.sqlpass.org

"Tumurbaatar S." <nospam_tumur@magicnet.mn> wrote in message news:uJgiq%23HLFHA.3296@TK2MSFTNGP15.phx.gbl...
> Is there a way to disable or rename SA login?
> I've tried to remove it from Sys Admin role but it seems
> this cannot be done.


Tumurbaatar S. wrote:
> Is there a way to disable or rename SA login?
> I've tried to remove it from Sys Admin role but it seems
> this cannot be done.

If you give it an obnoxious password as Mike mentioned you can then turn off mixed-mode security on the server. That in effect disables the "sa" account. Of course, you need to be Windows Authentication only in order for this to work.


Russell Stevens wrote:

Note - just because you have a strong sa password, does not mean that the hackers will not continuously try to break in with the sa account. Depending on whether they are coming in from a dialup, cable modem, or a server on the Internet, and your SQL server speed, you may easily get up to 10 unsuccessful login attempts per second which is 600 per minute or 36000 different passwords they can try every hour.

A password that has both letters and numbers and is 10 characters long would have 36^10 possible combinations (3.6 x 10^15). Thus, it would take the hacker 11.6 million years to try all the combinations. ie - breaking your sa password is not the problem - the problem is that they will suck up your bandwidth, slow down your system, etc. One hacker can easily consume 50 Kbps up and down or 100 Kbps of total bandwidth. This is roughly 32 GBytes per month. Of course, you may have more than one hacker at a time trying to break in.

Evidently, Microsoft thinks that it is OK for SQL server to allow 36000 unsuccessful logins per hour (your mileage may vary but that is a typical number that I have measured). It should be trivial for Microsoft to fix SQL server so that after say a dozen unsuccessful login attempts, that the source of those login attempts be blocked for some period of time. The current design just begs the hackers to keep trying.

Russ Stevens


"Russell Stevens" <rustyprogrammer@online.nospam> wrote in message news:uv%23caDQLFHA.3420@tk2msftngp13.phx.gbl...
> Evidently, Microsoft thinks that it is OK for SQL server to allow 36000
> unsuccessful logins per hour (your mileage may vary but that is a typical
> number that I have measured). It should be trivial for Microsoft to fix
> SQL server so that after say a dozen unsuccessful login attempts, that the
> source of those login attempts be blocked for some period of time.

Can't you do something similar via Integrated Security model? I.e., configure a lock-out on your Windows Accounts after n unsuccessful login attempts?


Michael,

<<Can't you do something similar via Integrated Security model? I.e., configure a lock-out on your Windows Accounts after n unsuccessful login attempts?>>

Not when you are using mixed mode authentication. ie - Microsoft does allow you to lock out attempts on Windows logins - why they don't have a similar feature for SQL logins is a mystery.

Thanks
Russ Stevens
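The per-source lockout that Russ wishes SQL Server had for SQL logins can be approximated outside the engine by watching the error log. The following is an added example, not code from the thread: it parses failed-login lines in SQL Server errorlog style (the log format, timestamps and client addresses are constructed samples), applies a sliding window of a dozen failures per source, records a lockout period, and also reproduces the brute-force arithmetic from Russ's post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in SQL Server errorlog style (not from the thread): one client
# fails against 'sa' once per second for 15 s, another fails twice with a different login.
SAMPLE_LOG = [
    f"2005-02-15 10:00:{s:02d}.00 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]"
    for s in range(15)
] + [
    "2005-02-15 10:00:05.00 Logon  Login failed for user 'app'. [CLIENT: 198.51.100.4]",
    "2005-02-15 10:00:09.00 Logon  Login failed for user 'app'. [CLIENT: 198.51.100.4]",
    "2005-02-15 10:20:00.00 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]",
]

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+Login failed for user '([^']*)'"
    r".*\[CLIENT: ([^\]]+)\]"
)

def parse_failure(line):
    """Return (timestamp, login, client) for a failed-login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)

def find_lockouts(lines, threshold=12, window=timedelta(seconds=60), lockout=timedelta(minutes=15)):
    """Per-client sliding window: once `threshold` failures fall inside `window`, record a
    lockout starting at that attempt and ignore the client until it expires.
    Returns {client: [lockout_start, ...]}."""
    events = sorted(e for e in map(parse_failure, lines) if e is not None)
    recent = defaultdict(deque)   # client -> failure timestamps still inside the window
    locked_until = {}             # client -> end of its current lockout
    lockouts = defaultdict(list)
    for ts, _login, client in events:
        if client in locked_until and ts < locked_until[client]:
            continue              # already blocked; a firewall rule would drop this connection
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            lockouts[client].append(ts)
            locked_until[client] = ts + lockout
            q.clear()
    return dict(lockouts)

def years_to_exhaust(keyspace, attempts_per_hour=36000):
    """Worst-case time to try every password at the rate Russ measured (36000/hour)."""
    return keyspace / attempts_per_hour / (24 * 365)
```

With the sample, only 203.0.113.7 is locked out, at its twelfth failure; the attempt twenty minutes later starts a fresh count and does not trigger again.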