RSS

Access to SQL Server when all administrator accounts are deleted

30 Mar

Source: Zarez.net (External-Link)

 

If you removed Builtin\administrator from SQL Server which is the best security practice, and you forgot SA password, or SA account is disabled and there is no other Windows or SQL Server account on SQL Server with sysadmin privilege, starting SQL Server in single-user mode enables any member of the computer’s local Administrators group to connect to the instance of SQL Server as a member of the sysadmin fixed server role.

1. Stop all SQL Server related services (some SQL services such as SQL Agent will use up your only connection in single-user mode).

2. Start the SQL service with the -m parameter.
In SQL Server Configuration Manager, click SQL Server Services. In the right pane, right-click SQL Server (), and then click Properties. On the Startup Parameters tab, add -m; parameter (do not add a space between the -m; and the rest of the command line).

Or from CMD with ‘Run as administrator’ input:

NET START MSSQLSERVER /m

sqlcmd -E

This will put the SQL into Single User Mode, and SQL Server will only accept one connection.

Connect with SQL Server Management Studio (start Management Studio with “Run as administrator”) and add login with sysadmin privilege,

or use sqlcmd to connect to your server with the -E trusted connection option. You will be able to connect to the SQL Server as sysadmin if you are a local administrator.

Create your login and add it to the sysadmin role.

Create new windows user with local admin prvilage ex: adminuser

then run the following command in sqlcmd -E

USE master
GO
CREATE LOGIN [domain\username] FROM WINDOWS WITH DEFAULT_DATABASE=[Master]
GO
EXEC sp_addsrvrolemember @loginame=N'domain\username', @rolename=N'sysadmin'
GO

Stop the SQL service, remove the -m parameter and restart the service. You should now be able to connect to the SQL Server normally.

If you get the error message:

Login failed for user ‘domain\username’. Reason: Server is in single user mode. Only one administrator can connect at this time.

It means that there is something using your single connection. You need to find the service or connection that uses up the only connection and stop it before you can log in. Check SQL Agent, SQL Reporting Services, SQL Analysis Services…

 
Leave a comment

Posted by on March 30, 2019 in Windows

 

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: