I have a situation where I can log into my server as guest, and see that there is no password on the sa account. However when I try to login as sa with null password over the network it is rejected.
My question is, since there is no sa password, how can I do the equivalent of a unix sudo or su command, while logged in as guest? I looked into runas and changing passwords but guest lacks the very privilege I am trying to gain. ('alter login sa..' doesn't work.)
Also, why does the server refuses login when there is no sa password?
This is SQL Server 2012 SP1 Web edition 64-bit 11.0.3153.0.
For example, there is a command in MySQL called change_user. This command can be used as the name suggests to change a user during a MySQL session. There may be a way to do this in SQL Server but I am not a SQL Server expert so I seek more experienced input.
Best Answer
When signed in under the guest account, you have very few privileges by default. The
sapassword is displayed as blank because you do not have the necessary rights to view it. Disabling the guest account is a security best practice, where it is not required.The real
sapassword is almost certainly not blank. SQL Server does not allow a blanksapassword since the 2005 release.SQL Server does provide a way to impersonate another login or user (assuming you have sufficient rights). See
EXECUTE AS(Transact-SQL) for details.Note that
SETUSERis deprecated, provided only for backward compatibility, and has inferior functionality.