SQLTeam.com | Weblogs | Forums

"Hack" into 2008 Instances


#1

Hello experts. I'm tasked with upgrading several 2008 instances. But some of them I cannot access. The sa password is not known and my account doesn't exist in the instance. I AM in the local admin Windows group.

The techniques I have found require stopping the instance and running it in single-user mode. But I can't risk an outage in these production instances.

Does anyone know of a better method that will allow the instance to be up?
Thanks for any tips.


#2

Do you know if they are using Windows Auth with AD Groups. Maybe you can get yourself into one of those AD groups that will allow you access to the servers. There is no hack like you are looking for, that would be a huge security issue if there was.


#3

Wow, I have access to the SERVER. I need to get into the SQL Server instance. Yes I'm in the ad group which is a member of local admins.


#4

But local admins are not automatically granted access to SQL Server. The question is whether or not there is an AD group setup for SQL Server sysadmins that was added to SQL Server on those instances? Maybe a group defined for the DBA team?

If not - then you have the option of taking SQL Server down (as you have found) or possible this: https://blogs.msdn.microsoft.com/sqlserverfaq/2012/12/18/how-to-login-to-sql-server-with-nt-authoritysystem-using-psexec-tool/


#5

Thanks jeffw8713. Yes my DBA group is in local admins but unfortunately this is a very old instance and it was never added to this instance. I will try the pstools trick.


#6

It doesn't matter whether or not the group is in local admins - what matters is what groups were added to SQL Server and what permissions they were granted. Is it possible that there is another group that you are not a member of now - that was added to this instance with sysadmin rights?

A last resort would be to identify who managed the system before - reactivate (if not active now) - their domain account and login to the server with that account. Then you could use SSMS to access SQL Server and grant your account the necessary privileges.


#7

Agreed. By that I meant that, by being a member of Local Admiuns, I'm able to connect to the db instance. But once there, I can't do anything. So I'll try pstools. Thanks


#8

I have tried and tested this.It is very simple to use.