On social media, I asked folks, “Why haven’t you disabled the SA account in your SQL Servers? Wrong answers only.” The results were pretty funny:
“I went a step further and also created an account called ‘as’. Now my boss keeps bragging to his golf buddies that we run our database fully SaaS.” – Hugo Kornelis
“How else can I provide job security for the cybersecurity team?” – Evgeny Alexandrovich
“Because it matches the password of sa.” – Jamie Ridenour
“Oh you can create another account in SQL Server? Mind blown.” – Justin Adrias
“Why would I disable the only login we have?” – Ray FitzGerald
“Because that’s the only account I don’t get permissions errors with!” – Todd Histed
“Because it’s a saved login with password in SSMS.” – Subject 89P13
“Psh. All my linked servers use it.” – Dan White
“Doesn’t SA stand for Software Application? So shouldn’t my application connect with that account?” – Joe Thompson
“Because sa stands for sexy admin. To disable it would be to deny who we are!” – Mladen Prajdic (who, for the record, the ladies love)
Because it’s the only account that can do whatever we need to do, and everyone has the password to it and uses it for their daily duties
Because the ID, password and privileges match the same account for the server that hosts it.
Cuz I read on a blog that you can’t.
Our vendor requires SA to make the software work.
Of course, they wanted us to open Port 80 on our firewall so their web interface would work…
Scary but often true!
Because the senior DBA told me to!
Once I was installing MSDE (MS SQL Server 2000 Desktop Engine, for the younger ones) through command line at a customer and it kept failing asking me to provide “a strong SA password”, so I got tired of it and gave it “AStrongSAPassword”… :-p
Five or six years later the customer called asking about the password… The whole office had a good laugh that day…
We brag about never having to deal with permission issues since all our applications use it.
My two favorites:
The first being the most common.
because sa is hardcoded to work with dbo and dbo won’t work properly with sa disabled.
Because everyone needs admin access and I don’t want to administer too many accounts…
We can’t!
After disabling and renaming the sa account, our onboarding team gave a new employee the login name of sa
Why would I disable my Service Account login?
No, no, no.
What you do is set up a scott/tiger account then all your devs can migrate from Oracle easily
HILARIOUS!!! I’m crying and laughing at the same time.
Try as I might, I cannot come up with anything better than what has already been done here.
Well done, everyone. Well done! 🙂
SA has threatened to leak embarrassing SQL queries I wrote in my early days. I can’t let those skeletons out of the closet!
SA are the initials of Steve Austin, The $6,000,000 Man. You can’t just disable him!
I always wondered how his arm strength really worked without reinforcing his spine / back / hips etc., so that they wouldn’t crumble when he lifts / throws something really heavy.
Because the SA account and password is written under my keyboard.
Well someone must pwn all jobs!
Literally everything would stop working
Our organisation operates a policy of Transparency including the data we hold on our beloved customers.
because my software vendor really needs it
I disabled all accounts, not only sa. Never had a security problem, safety first