With SQL Server 2005, you can rename your logins, including sa. To me, this is a HUGE security enhancement.
For mixed security environments, many SQL Server attacks take advantage of the sa account, through either brute-force or dictionary attacks. I highly recommend renaming sa to something discreet to minimize the attack surface of your environment. Do not rename it to something cute that will attract attention. Choose something bland and boring, and make it consistent across all the servers you manage.
I’ve tested this on my test machine, and it worked great for me:
alter login sa with name = BobSmith
After this, if you browse for sa within SSMS, it is gone; BobSmith appears in its place. This account may be disabled because of the alter statement. You can easily change the status if that is the case. As with previous editions of SQL Server, the login is not case-sensitive; however, the password is.
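A check to run after the rename, as an added example that is not part of the original post: it looks up the built-in account by its fixed SID (0x01) instead of by name, so the same script works on every server before and after the change. BobSmith is the name used in the post; the column aliases are chosen here for illustration.

```sql
-- Added example: audit the built-in sa login by SID, not by name.
-- The built-in sa login keeps SID 0x01 whatever it is renamed to.
SELECT
    sp.name                  AS current_name,
    CASE WHEN sp.name = 'sa'
         THEN 'still default name'
         ELSE 'renamed'
    END                      AS name_status,
    sp.is_disabled,
    sl.is_policy_checked,
    sl.is_expiration_checked,
    sp.modify_date
FROM sys.server_principals AS sp
JOIN sys.sql_logins AS sl
    ON sl.principal_id = sp.principal_id
WHERE sp.sid = 0x01;

-- If the login turns out to be disabled and you actually need it,
-- re-enable it under its new name. Leaving it disabled is the safer
-- state when nothing depends on it.
IF EXISTS (SELECT 1
           FROM sys.server_principals
           WHERE sid = 0x01 AND is_disabled = 1)
    ALTER LOGIN BobSmith ENABLE;

-- Confirm which name now resolves to the built-in account.
SELECT SUSER_SNAME(0x01) AS builtin_sa_name;
```

Running the first query across all managed servers also shows whether the rename was applied consistently.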