InformationThe sa account is a widely known and often widely used SQL Server account with sysadmin privileges. This is the original login created during installation and always has the principal_id=1 and sid=0x01.
Enforcing this control reduces the probability of an attacker executing brute force attacks against a well-known principal.
NOTE: Update SA_ACCOUNT to the appropriate value for the local environment
SolutionExecute the following T-SQL query:
DECLARE @tsql nvarchar(max)
SET @tsql = 'ALTER LOGIN ' + SUSER_NAME(0x01) + ' DISABLE'
It is not a good security practice to code applications or scripts to use the sa account. However, if this has been done, disabling the sa account will prevent scripts and applications from authenticating to the database server and executing required tasks or functions.
By default, the sa login account is disabled at install time when Windows Authentication Mode is selected. If mixed mode (SQL Server and Windows Authentication) is selected at install, the default for the sa login is enabled.
In the case of AWS RDS the default name for this account is rdsa instead of sa.