2.14 Ensure the 'sa' Login Account has been renamed

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The sa account is a widely known and often widely used SQL Server login with sysadmin privileges. The sa login is the original login created during installation and always has principal_id=1 and sid=0x01.

Rationale:

It is more difficult to launch password-guessing and brute-force attacks against the sa login if the name is not known.

Impact:

It is not a good security practice to code applications or scripts to use the sa login. However, if this has been done, renaming the sa login will prevent scripts and applications from authenticating to the database server and executing required tasks or functions.

Solution

Replace the <different_user> value within the below syntax and execute to rename the sa login.

ALTER LOGIN sa WITH NAME = <different_user>;

Default Value:

By default, the sa login name is 'sa'.

See Also

https://workbench.cisecurity.org/files/3312