Lost SQL Server sa password ? How to start up and login in single user mode

The problem: Someone has lost the sa admin password for your MS Sql Server; or the one person who has SQL admin rights has left the company. Alas, you find that even having Windows admin rights does not grant you access because you have a recent version of Sql Server and you didn’t grant Sql Server admin rights to the machine or domain admins.

You can still fix this. You will need local admin right on the machine, and the ability to:

  • open a command line as an administrator
  • look through the registry with RegEdit to find the settings for the version and instance of Sql Server you are locked out of. MSDN mssqlserverloginmode-registry-key has some clues.
  • look through Program Files\Microsoft SQL Server\ and find the binn directory for your version and instance of Sql Server.

The trick is to start Sql Server in single user mode, and then login as a local admin. This will give you admin access to the SQl Server.

How to Get Admin Access to Sql Server on Your Machine

  1. Stop the sql service.
    • This is most easily done via the Windows Services Gui, but net stop MSSQLSERVER might do it. If you have a named instance use net stop MSSQL$instancename
  2. Work out the file location and registry key for the version/instance name of sql server you are trying to get into. This may be trickier than you think – you may have SqlExpress as well as more than one version and instance name of MSSQLServer. For instance:
    • C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn and
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQLServer\

    or

    • C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn and
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS
  3. Change the registry entry for loginmode to 2 (not 0 or 1), which enables both Windows and SQL authentication.
  4. Open a command line window as administrator and navigate to the binn directory you found earlier under C:\Program Files\Microsoft SQL Server\. Run sql from the command line using the –f parameter, sqlservr.exe -f
    • You may need more command line parameters to get your instance running properly, although I never have so far. If so, use the Windows Services Gui to see what the rest of your command line has to be.
    • For a named instance, your command line is sqlserver.exe -f -s instancename
    • An alternative to -f is -m, but -f worked for me.
  5. Open another commandline, also as administrator, and run sqlcmd –S <servername>. Sqlcmd is usually on the path, but if not it should be in the same directory as sqlservr.exe.
    • The server name for local machine is of course ‘.‘, as in sqlcmd -S .
  6. Now you can type T-SQL commands. Try Select @@ServerName, @@Version just for fun.
  7. Note that after typing your commands you must type GO and enter before anything you’ve typed gets sent to the server.
  8. Add yourself to the sysadmin role:
    EXEC sp_addsrvrolemember 'DomainName\LoginName', 'sysadmin'
  9. Or, enable the sa login and set the password with 2 lines of T-Sql:
    Alter login sa With Password= '<enterStrongPasswordHere>'
    Alter login sa Enable
    Go
  10. Exit and close both command windows.
  11. Restart the Sql Server service from the services Gui or with net start MSSQLSERVER or net start MSSQL$instancename

Done.

Leave a Reply

Your email address will not be published. Required fields are marked *