Weekly Tech Tidbit – Do you know your SA Password?

September 26th, 2019
Weekly Tech Tidbit – Do you know your SA Password?

A constant frustration of ours is ensuring "clean" backups.   If you corrupt your data or have a server failure, we need to reliably get that data back.  There are a few types of backups.   Image backups are popular with virtualization.  File system backups have always been the gold standard since the dawn of backups.   Then there are specialty backups for software like SQL, Exchange, and Sharepoint.  Most of you have the specialty agents that know how to properly speak to and backup items such as SQL databases.

The "issue" is that that with SQL, Exchange or Sharepoint there are files that are almost always open.   The backup software specialty agent tells the software to momentarily freeze in place (quiesce) so that a clean snapshot of the data can be taken.  Once the backup has successfully completed these systems also commit (aka safely remove) transaction files which are the lifeblood of these systems.

SQL servers also have "instances".   Rights are assigned to these instances.  Only those authorized to do so can see, manipulate, and cleanly backup these files.

The base "administrator" account in SQL server is the SA account.   It has a password.  The fact that you are local administrator on a SQL server or domain administrator on a Microsoft Active Directory network is irrelevant to whether or not you have proper database access to the SQL instance you want to backup.

YOU CANNOT BACKUP A SQL DATABASE without having the appropriate ID and password.  More often than not this, is the SA account.

It is unbelievable how many districts have SQL server instances and they don't know their SA or equivalent password!   More often than not this is either a real SQL server or a SQL Express instance installed by a third-party vendor to do something such as HVAC or security.

If you are backing up these servers and haven't put in the appropriate credentials, your backups most likely are compromised and will not allow clean or in some cases "any" recovery of your data!

This fall I encourage you to inventory all your servers and identify anything using SQL or SQL Express.   Validate that you have appropriate credentials so that you can backup and access these SQL instances (i.e the SA password and any other relevant ID and password).  Validate that your backups are running cleanly and properly accessing these instances for backup and dealing with the transaction logs (if any).

Pay special attention to all the outside vendors' equipment in your district.   None should be using default passwords.   Is their data backed up by you or by them or not at all?   Are those backups working?

For those of you part of a BOCES or RIC Backup CoSer, their technical staff should be able to help you sort this out.   If you do your own backups, or just want our assistance sorting this out, give us a call.