Name: Disabled sa account
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the ‘sa’ login account (principal_id=1 and sid=0×01) is set to ‘disabled’.
Long description: Checks if the ‘sa’ login account (principal_id=1 and sid=0×01) is set to ‘disabled’. This is the original login created during installation with sysadmin privileges.
Version: 1.2
Default schedule: 10 1 1 *
Requires engine install: Yes
Compatibility tag: [CDATA[.[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005’ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ | engine_edition = ‘Azure SQL Managed Instance’)
Parameters
Name Default value Description
return status 1 Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the “sa” login account is enabled.
disable sa login NO If set to “YES” the alert will disable “sa” login (if it is enabled) by running “ALTER LOGIN” DDL command.
history threshold 365 The maximum number of days to keep statistics for in the historic tables.

← Full-Text service account / Database Mail XPs →

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment