The CommServe database instance is installed with mixed-mode authentication. This means the default System Administrator ‘sa’ account is automatically created and enabled. Commvault uses the ‘sa’ account for initial database installation and for adding database packages. It does not use the ‘sa’ account for normal operations.
Microsoft and other security experts recommend renaming the ‘sa’ account. If it ever becomes necessary the account name can be changed back to ‘sa’. Alternately, the ‘sa’ account login during normal operations can be disabled. If at any time the ‘sa’ account is needed the account can be re-enabled.
Procedure
Run these commands in the SQL Management Studio:
-
To disable the ‘sa’ login:
ALTER LOGIN sa DISABLE -
To re-enable the ‘sa’ login when needed:
ALTER LOGIN sa ENABLE
Enable and disable the "sa" login using SQL Server Management Studio:
-
In the Object Explorer, expand the Security branch of the tree view and then expand Logins.
-
Right-click the "sa" login and choose "Properties" from the context-sensitive menu.
-
Change the enabled status of the account in the Status section of the dialog box.