Name:
Disabled sa account
Platform:
Sqlserver
Category:
Security
Premium package:
Security and compliance package
Description:
Checks if the ‘sa’ login account (principal_id=1 and sid=0×01) is set to ‘disabled’.
Long description:
Checks if the ‘sa’ login account (principal_id=1 and sid=0×01) is set to ‘disabled’. This is the original login created during installation with sysadmin privileges.
Version:
1.2
Default schedule:
10 1 1 *
Requires engine install:
Yes
Compatibility tag:
[CDATA[.[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005’ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ | engine_edition = ‘Azure SQL Managed Instance’)
Parameters
Name
Default value
Description
return status
1
Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the “sa” login account is enabled.
disable sa login
NO
If set to “YES” the alert will disable “sa” login (if it is enabled) by running “ALTER LOGIN” DDL command.
history threshold
365
The maximum number of days to keep statistics for in the historic tables.
← Full-Text service account / Database Mail XPs →
Feedback
× Thanks for your feedback.
Post your comment on this topic.