|
-
Auditing Sa activities
Someone had changed the SA password on one of my servers. I need to find out who did this. Can you tell me if there is any historical information kept on any of the system tables that can tell me who (what machine name) and when (date and time)this was done?
Does anyone have a 3rd party or inhouse developed task/procedure to report this kind of security issues?
-
Auditing Sa activities (reply)
I don't know of any products to do that, although you might search the web.
You could change the sp_password stored procedure (if you are brave and are ok with adding your change back in any time you upgrade) to call another storproc which could write information to a table you create. There should be a column in sysprocesses with the machine name (although if they are really sneaky they can change some of the information sent to sysprocesses programmatically).
Hope that helps!
------------
Nick at 6/24/99 6:24:59 PM
Someone had changed the SA password on one of my servers. I need to find out who did this. Can you tell me if there is any historical information kept on any of the system tables that can tell me who (what machine name) and when (date and time)this was done?
Does anyone have a 3rd party or inhouse developed task/procedure to report this kind of security issues?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote