I needed to be able to clone the sa account so that I could disable it.
The reason: constant login attempts from outside the network trying to use the sa account.
Based on this link:
https://www.mssqltips.com/sqlservertip/3589/how-to-clone-a-sql-server-login-part-1-of-3/
-- Create the replacement login and give it the same server-level rights that sa has.
CREATE LOGIN [Bobby] WITH PASSWORD = 'User$To!Clon3@';
GO
-- sp_addsrvrolemember still works but is deprecated; ALTER SERVER ROLE ... ADD MEMBER is the current syntax.
EXEC sp_addsrvrolemember @loginame = 'Bobby', @rolename = 'securityadmin';
GO
EXEC sp_addsrvrolemember @loginame = 'Bobby', @rolename = 'dbcreator';
GO
GRANT ALTER ANY SERVER ROLE TO [Bobby];
GRANT IMPERSONATE ON LOGIN::[sa] TO [Bobby];
-- CONTROL SERVER is equivalent to sysadmin: protect this login exactly as you would sa.
GRANT CONTROL SERVER TO [Bobby];
GRANT ALTER ON ENDPOINT::[TSQL Default TCP] TO [Bobby];
GRANT ALTER ANY LOGIN TO [Bobby] WITH GRANT OPTION;
GRANT VIEW DEFINITION ON LOGIN::[sa] TO [Bobby];
GO
After this, rename and disable the sa account.
ALTER LOGIN [sa]
WITH NAME = [old_sa];
GO
ALTER LOGIN [old_sa]
DISABLE;
GO
-- Verify that no login named 'sa' remains; after the rename this should return no rows.
SELECT sid, name
FROM sys.sql_logins
WHERE name = 'sa';
GO
In addition, I complemented it with a restriction so that only certain users can connect at all.
https://www.sqlshack.com/prevent-sql-server-login-authentication-scope-using-logon-trigger/
CREATE TRIGGER Prevent_login
ON ALL SERVER WITH EXECUTE AS 'Bobby' -- must be a login that still exists: sa was renamed above
FOR LOGON
AS
BEGIN
    DECLARE @LoginName sysname;
    SET @LoginName = ORIGINAL_LOGIN();
    -- Allow-list: the cloned admin login plus whichever accounts still need to connect.
    -- Test this before deploying: a faulty logon trigger rejects every normal connection,
    -- and the way back in is the Dedicated Admin Connection (logon triggers do not fire on it).
    IF (@LoginName NOT IN ('Bobby', 'otheraccount'))
    BEGIN
        ROLLBACK; -- Disconnect the session
    END
END
If you want to look at the logs, run this.
EXEC xp_ReadErrorLog 0, 1 -- 0 = current log, 1 = SQL Server error log (2 would be the SQL Agent log)
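As an added example (not from the original post or the linked articles), the following query narrows that same error log to failed 'sa' logins and counts them per client address, which is the evidence for the "attempts from outside the network" problem that motivated the change. It assumes failed-login auditing is on (the SQL Server default) and the standard English message text.

```sql
-- Load the current SQL Server error log into a temp table.
-- xp_readerrorlog arguments: log number (0 = current), log type (1 = SQL Server),
-- and two search strings that a row must both contain.
IF OBJECT_ID('tempdb..#errlog') IS NOT NULL DROP TABLE #errlog;
CREATE TABLE #errlog (
    LogDate     DATETIME,
    ProcessInfo NVARCHAR(64),
    [Text]      NVARCHAR(MAX)
);

INSERT INTO #errlog (LogDate, ProcessInfo, [Text])
EXEC xp_readerrorlog 0, 1, N'Login failed for user', N'sa';

-- Each failed-login line ends with "[CLIENT: <address>]". Pull that out once per row
-- (CROSS APPLY) and aggregate by source; rows without the marker yield NULL instead of erroring.
SELECT
    c.ClientAddress,
    COUNT(*)       AS Attempts,
    MIN(e.LogDate) AS FirstSeen,
    MAX(e.LogDate) AS LastSeen
FROM #errlog AS e
CROSS APPLY (SELECT CHARINDEX('[CLIENT: ', e.[Text]) AS p) AS s
CROSS APPLY (SELECT CASE WHEN s.p > 0 AND CHARINDEX(']', e.[Text], s.p) > s.p
                         THEN SUBSTRING(e.[Text], s.p + 9, CHARINDEX(']', e.[Text], s.p) - s.p - 9)
                    END AS ClientAddress) AS c
WHERE e.[Text] LIKE '%Login failed for user ''sa''%'
GROUP BY c.ClientAddress
ORDER BY Attempts DESC;
```

After the rename, attempts against 'sa' are still logged (the reason text changes to "Could not find a login matching the name provided"), so the same query keeps working as a monitor for the retired name.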