
I lost the sa password and no one has System Administrator (SysAdmin) permission. What should I do?

Here are the various errors you might see.

Unable to create a new database. This is a generic error which means that you do not have permission.

When you log in to Management Studio, you would see only your own account and sa, as shown below.

When you attempt to change the password of sa, you might see the error below.

All of these error messages appear because your account is not a System Administrator of the SQL Server instance. So, what should you do now? The answer is simple: get yourself added as System Administrator. I know, you would say, "Don't you think I have tried that? That is how I got this error!"

SOLUTION:

Here is the step-by-step guide to add any account as System Administrator of SQL Server. This is a documented and completely supported way to gain back the rights. To log in to SQL Server as SysAdmin, you need to have Local Administrator permission on the Windows machine which is hosting SQL Server. If you don't have that either, then you may want to check with your Windows team to get access (I am not a Windows guy).

Steps to log in to SQL Server as System Administrator [provided you have Windows local administrator permissions]:

Stop the SQL Server service using ANY of the methods below.
o Net Stop MSSQLServer (for default instance) / Net Stop MSSQL$<InstanceName>. If you want to know the instance name, refer to my earlier blog.
o Use SQL Server Configuration Manager and stop the SQL service. [Start > Programs > Microsoft SQL Server 2005 > Configuration Tools > SQL Server Configuration Manager]
o Use the Services console [Start > Run > Services.msc] and locate the SQL instance you want to stop.

Start SQL Server in single-user mode. You need to use the start-up parameter -m to start the SQL service in single-user mode. I prefer the command line, but it's your choice.
o Using the command line:
    net start MSSQLServer /mSQLCMD [For default instance]
    net start MSSQL$<InstanceName> /mSQLCMD [For named instance]
o Using Configuration Manager: locate the service which you stopped earlier. Go to its properties, Advanced, click on the drop-down at Startup Parameters and add ;-mSQLCMD as shown below.

You might notice that I have used SQLCMD after -m. That's not a typo. Many times, when you start SQL Server in single-user mode, an application grabs the connection before you can. SQLCMD ensures that only the SQLCMD program can connect to SQL Server when it is running in single-user mode. SQLCMD should be in UPPERCASE, otherwise you would see the same error. Please make sure there is no space between ; and -m, because the registry parameter parser is sensitive to such typos. You should see an entry in the SQL Server ERRORLOG file that says SQL Server started in single-user mode.

Here is the error you might see if an application grabs the connection before you do:

TITLE: Connect to Server
Cannot connect to (local)\SQL2k8R2.
ADDITIONAL INFORMATION:
Login failed for user 'Contoso\demouser'. Reason: Server is in single user mode. Only one administrator can connect at this time. (Microsoft SQL Server, Error: 18461)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18461&LinkId=20476
BUTTONS: OK

Connect to SQL Server and add the desired account to the SysAdmin role. I normally prefer to do it from SQLCMD (that's why I added SQLCMD after -m).
o Open an administrator command prompt (i.e. right-click on the command prompt shortcut and choose Run As Administrator).
o Type sqlcmd -S <complete instance name>. For example:
    sqlcmd -S. (for default instance)
    sqlcmd -S.\MyInstance
  For the exact name, refer to my earlier blog.

You are connected as System Administrator because you are part of the local administrators group in Windows. At this point you can add any account to sysadmin because you are connected as sysadmin. Here is the script I normally use to add the local administrators group to the SysAdmin role in the SQL Server instance. You may want to tweak this as per your needs, because I am adding all local admins as sysadmin, which is not a good practice.

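    USE [master]
    GO
    -- Create a login for the Windows local Administrators group
    CREATE LOGIN [BUILTIN\Administrators] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
    GO
    -- Add that login to the sysadmin fixed server role
    EXEC master..sp_addsrvrolemember @loginame = N'BUILTIN\Administrators', @rolename = N'sysadmin'
    GO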

Here is how it would look on the sqlcmd command prompt.

Stop the SQL Server service. You can use any method described in the first step.

Start the SQL service normally. This means that you need to remove the startup parameter.

Here is the MSDN reference for the above, just to show that it's documented. So, to conclude, I have not shown any trick to recover a password. I have just shown you the detailed steps to gain sysadmin access, provided you have Windows admin rights.
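A narrower variant of the script above, as an added example that is not part of the original post: it grants sysadmin to one named Windows login instead of all of BUILTIN\Administrators, then lists every current sysadmin member for review. CONTOSO\dbadmin is a placeholder account name, and the T-SQL sticks to syntax available since SQL Server 2005.

```sql
-- Added example, not from the original post. Run it from the sqlcmd session
-- opened while the instance is in single-user mode.
USE [master];
GO
DECLARE @login sysname;
DECLARE @sql   nvarchar(400);
SET @login = N'CONTOSO\dbadmin';   -- placeholder: the single account to restore

-- Create the Windows login only if it does not exist yet.
-- CREATE LOGIN takes no variable, so the name is quoted with QUOTENAME.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @login)
BEGIN
    SET @sql = N'CREATE LOGIN ' + QUOTENAME(@login)
             + N' FROM WINDOWS WITH DEFAULT_DATABASE = [master];';
    EXEC (@sql);
END;

-- Add the login to sysadmin only if it is not already a direct member.
IF NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin' AND m.name = @login)
BEGIN
    EXEC master..sp_addsrvrolemember @loginame = @login, @rolename = N'sysadmin';
END;

-- Review every direct member of sysadmin, including groups and disabled
-- logins, so that unexpected entries stand out after the recovery.
SELECT m.name, m.type_desc, m.is_disabled, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;
GO
```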

How to enable sa Account in SQL Server?


When you install SQL Server using Windows Authentication mode, the sa account is disabled by default. Sometimes, due to a user's or customer's request, you may need to enable the sa account. To use the sa account, you need to change the authentication mode for SQL Server from Windows Authentication Mode to SQL Server and Windows Authentication Mode.

To Change the Authentication Mode:

Follow the steps mentioned below to change the authentication mode from Windows Authentication to SQL Server and Windows Authentication. Remember that the SQL Server service needs to be restarted to make this change effective.

1. Log in to the SQL Server instance using SQL Server Management Studio. Right-click on the database instance and go to Properties.

2. On the Server Properties page, click on Security. Click on the radio button next to SQL Server and Windows Authentication mode, and click on OK to close the Server Properties page.

3. Once you click on the OK button, you will get the following screen:

As discussed earlier, we need to restart the SQL Server service to make this change effective. After restarting SQL Server, the authentication mode will be changed to SQL Server and Windows Authentication mode.

Enable the sa Login:

1. Connect to the SQL Server instance using SSMS and go to Security. Expand Security and go to Logins.

2. You can see that the sa account is disabled when you install SQL Server using Windows Authentication mode.

3. Right-click on the sa account and go to Login Properties. Specify a complex password for the sa account. By default, the Enforce password policy option is checked. (If you don't want to provide a complex password for the sa account, you can uncheck this option. However, this is not recommended.)

4. Click on the Status page. By default, the sa account will be disabled. Click on the Enabled button to enable the sa account. Click on OK to close the sa Login Properties.

Thus, the sa account is enabled and you will be able to log in to the SQL instance using the sa account.

If you want to use a script to enable the sa account, you can use the script mentioned below:
    USE [master]
    GO
    -- Set the sa password (substitute your own strong value for this sample)
    ALTER LOGIN [sa] WITH PASSWORD=N'z43VGYT@Iu*60i'
    GO
    -- Enable the sa login
    ALTER LOGIN [sa] ENABLE
    GO
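To confirm the result of the steps above, the following added example (not from the original article) reads the authentication mode and the state of the sa login from the catalog, then lists enabled SQL logins that are exempt from the password policy or have a blank password. It goes slightly beyond sa by covering all SQL logins, and it matches sa by its fixed SID 0x01 so the check still works if the login was renamed.

```sql
-- Added example, not from the original article. Read-only: it changes nothing.
USE [master];
GO
-- 1 = Windows Authentication only
-- 0 = SQL Server and Windows Authentication mode
-- Check this after the service restart the article calls for.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- State of the sa login: enabled or disabled, whether the password policy
-- and expiration are enforced, and when the password was last set.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE sid = 0x01;

-- Enabled SQL logins that skip "Enforce password policy" or whose password
-- is blank. PWDCOMPARE hashes the candidate and compares it with the stored hash.
SELECT name,
       is_policy_checked,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 1 ELSE 0 END AS blank_password
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (is_policy_checked = 0 OR PWDCOMPARE(N'', password_hash) = 1)
ORDER BY name;
GO
```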