Wednesday, September 23, 2015

Access locked-out SQL instances, i.e. when the sa account or Windows/SQL sysadmin logins have lost passwords or are disabled

David Lister from SQL Services ...   Info on Breaking into SQL ;) 

The PsExec tool lets you run a remote process or application under the SYSTEM account, provided the SYSTEM account has permission on that application. Although there are many more features that are 

For example, if SQL Server has NT AUTHORITY\SYSTEM as one of its logins, then you can use this account to log in to SQL Server. However, you can’t use SQL Server Management Studio or sqlcmd to log in to SQL Server as NT AUTHORITY\SYSTEM. Try it yourself!

PsExec, however, gives you a way to log in to SQL Server as NT AUTHORITY\SYSTEM. Once you have downloaded the PsExec tool bundle, open a command prompt and type the following command:

D:\PSTools>psexec -i -s "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"


-i allows the program to run so that it interacts with the desktop of the specified session on the remote system. If no session is specified, the process runs in the console session.

-s runs the process in the SYSTEM account.

The above command launches SQL Server Management Studio and shows a “Connect to Server” window with the User Name pre-populated with NT AUTHORITY\SYSTEM. If NT AUTHORITY\SYSTEM is permitted to log in to the server, you will be able to log in to SQL Server. If you do not use the “-i” switch, you won’t be able to launch Management Studio, so make sure you use both -i and -s!

However, if this login is denied, for example because of a trigger, then you won’t be able to log in to SQL Server using this technique.
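
Whether this works on a given instance depends on the conditions described above: the NT AUTHORITY\SYSTEM login must exist, be enabled, and not be denied. The T-SQL below is an added example, not part of the original post, that audits those conditions from an existing sysadmin session using standard catalog views; it assumes SQL Server 2008 or later.

```sql
-- Added example (not from the original post): audit how far the
-- NT AUTHORITY\SYSTEM login reaches on this instance.
DECLARE @login sysname = N'NT AUTHORITY\SYSTEM';

-- 1. Does the login exist, is it enabled, and is it a sysadmin member?
--    No row returned means the login is not present on this instance.
SELECT  sp.name,
        sp.type_desc,
        sp.is_disabled,
        IS_SRVROLEMEMBER('sysadmin', sp.name) AS is_sysadmin
FROM    sys.server_principals AS sp
WHERE   sp.name = @login;

-- 2. Server-level permissions set on the login.
--    A DENY on CONNECT SQL blocks the login described in the post.
SELECT  pe.permission_name,
        pe.state_desc
FROM    sys.server_permissions AS pe
JOIN    sys.server_principals  AS sp
        ON sp.principal_id = pe.grantee_principal_id
WHERE   sp.name  = @login
  AND   pe.class = 100;          -- 100 = server-level securable

-- 3. Logon triggers, which can also reject the connection.
SELECT  t.name,
        t.is_disabled,
        t.create_date,
        t.modify_date
FROM    sys.server_triggers       AS t
JOIN    sys.server_trigger_events AS te
        ON te.object_id = t.object_id
WHERE   te.type_desc = N'LOGON';

-- 4. Every member of sysadmin, with its enabled/disabled state,
--    to see which administrative logins remain usable.
SELECT  m.name,
        m.type_desc,
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;
```

If query 1 shows an enabled login with is_sysadmin = 1 and queries 2 and 3 show nothing blocking it, any local administrator on the host can reach sysadmin through the SYSTEM account as the post describes.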

1 comment:

Love Status said...

Incredible post! This is really nice table presentation on different Versions and service packs of SQL. I appreciated your way of presenting about SQL. Thanks for posting. Keep it up.