Beginning with SQL Server 2008, local administrators are no longer SQL Server sysadmins by default. Microsoft removed this feature in an attempt to increase security. I agree with the change. The principle of least privilege would imply that even system administrators who handle patching and management of Windows do not require access to the data which resides on the server.
Unfortunately, the change makes it easier for a DBA to accidentally lock himself/herself out of the instance. By removing the login or forgetting the sa password, you will need to regain access of your locked out instance withe more invasive measures than before.
Downtime
Straight out of books online, there are two supported methods for accessing a locked out SQL Server instance. Both of these methods require downtime of the instance.
The first method is to reinstall the SQL Server instance. I do not recommend this method because of how invasive it is. The high-level procedure is as follows.
- Uninstall the existing instance.
- Install new instance.
- Attach all of the user databases which were previously attached to the old instance.
- Recreate system objects which are now missing.
- You could restore the master database from backup but you would need to restore a version which is older than the lock issue.
The second and recommended method is to run SQL Server in single user mode. When in single user mode, a local administrator has implicit sysadmin access to the instance.
- Stop the SQL Agent service.
- Open the SQL Server Configuration Manager.
- Select SQL Server Services.
- Right-click on the SQL Server service and select Properties.
- Add the -m (or -f) startup parameter on the Startup Parameter tab.
- Accept the change.
- Restart the SQL Server service.
- Log into the server with a local administrator account. I recommend using sqlcmd.exe to prevent the client from trying to open multiple connections.
- Recreate the sysadmin account / grant appropriate permissions.
- Close the client.
- Remove the single user mode startup parameter.
- Restart the SQL Server service.
No downtime
For when your system requires extremely high availability, such as 99.9999% up-time, there is a method which can be used without shutting down SQL Server. Check out Aaron Bertrand’s (t | b) article on Recover access to a SQL Server instance for details on that method.
Written by Derik Hammer of SQL Hammer
Derik is a data professional focusing on Microsoft SQL Server. His passion focuses around high-availability, disaster recovery, continuous integration, and automated maintenance. his experience has spanned long-term database administration, consulting, and entrepreneurial ventures.
Derik gives the SQL community credit for plugging the gaps in his knowledge when he was a junior DBA and, now that his skills have matured, started SQLHammer.com as one small way to give back and continue the cycle of shared learning.
Derik is the owner and lead author of SQL Hammer, a Microsoft SQL Server resource.
For more information, visit http://www.sqlhammer.com. Follow Derik on Twitter for SQL tips and chat
The post Help! I am Locked Out of my SQL Server Instance appeared first on SQL Hammer.
