Disabled sa account


Job details

Name: Disabled sa account
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the ‘sa’ login account (principal_id=1 and sid=0x01) is set to ‘disabled’.
Long description: Checks if the ‘sa’ login account (principal_id=1 and sid=0x01) is set to ‘disabled’. This is the original login created during installation with sysadmin privileges.
Version: 1.2
Default schedule: 10 1 1 *
Requires engine install: Yes
Compatibility tag: .[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005’ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ engine_edition = ‘Azure SQL Managed Instance’)]

Parameters

| Name | Default value | Description |
| --- | --- | --- |
| return status | 1 | Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the “sa” login account is enabled. |
| disable sa login | NO | If set to “YES”, the alert will disable the “sa” login (if it is enabled) by running the “ALTER LOGIN” DDL command. |
| history threshold | 365 | The maximum number of days to keep statistics in the historic tables. |

Job Summary

SELECT name, is_disabled FROM sys.server_principals WHERE name = 'sa';
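
An added example (not dbWatch's job code) of the check described on this page: it finds the built-in login by SID rather than by name, so a renamed account is still evaluated, and applies the "return status" and "disable sa login" parameters. The variable names are assumptions.

```sql
-- Added example, not dbWatch's job code. The two parameters mirror the page's
-- parameter list; the T-SQL variable names are assumptions.
SET NOCOUNT ON;

DECLARE @return_status    int        = 1;     -- page default: WARNING (ALARM = 2, OK = 0)
DECLARE @disable_sa_login varchar(3) = 'NO';  -- page default: report only, change nothing
DECLARE @login_name sysname, @is_disabled bit, @status int, @stmt nvarchar(400);

-- Identify the built-in login by SID and principal_id, not by name:
-- a WHERE name = 'sa' filter returns no row once the login has been renamed.
SELECT @login_name = name, @is_disabled = is_disabled
FROM sys.server_principals
WHERE sid = 0x01 AND principal_id = 1;

IF @login_name IS NULL
BEGIN
    RAISERROR('No server principal with sid 0x01 was found.', 16, 1);
    RETURN;
END;

IF @is_disabled = 1
    SET @status = 0;                          -- OK: already disabled
ELSE IF @disable_sa_login = 'YES'
BEGIN
    -- Needs permission to alter a sysadmin login. QUOTENAME protects the
    -- dynamic DDL against unusual characters in a renamed login.
    SET @stmt = N'ALTER LOGIN ' + QUOTENAME(@login_name) + N' DISABLE;';
    EXEC sys.sp_executesql @stmt;

    -- Re-read the catalog instead of assuming the DDL succeeded.
    SELECT @is_disabled = is_disabled
    FROM sys.server_principals
    WHERE sid = 0x01;

    SET @status = CASE WHEN @is_disabled = 1 THEN 0 ELSE @return_status END;
END
ELSE
    SET @status = @return_status;             -- enabled and left untouched

SELECT @status      AS status,
       @login_name  AS login_name,
       @is_disabled AS is_disabled,
       CASE WHEN @login_name <> N'sa' THEN 'renamed' ELSE 'default name' END AS name_state;
```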

Implementation Details

The job involves several key steps, implemented in SQL code:

The dependencies defined in the XML include:

Reporting

Reporting configurations are also part of the job setup:

The job is scheduled by default to run daily, ensuring constant monitoring and immediate action if an insecure configuration (i.e., the “sa” account being enabled) is detected. This scheduling can be essential for compliance with security policies and standards that require strict management of privileged accounts.

Upgrade and Compatibility

The job also includes an upgrade path from version 1.1 to 1.2, indicating maintenance of the script and possible enhancements for better performance and error handling. The compatibility section specifies that this job is designed for installations running SQL Server version greater than 2005 and includes Azure SQL Managed Instances, ensuring broad applicability across diverse SQL environments.