THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Argenis Fernandez

Leveraging Service SIDs to Logon to SQL Server 2012, 2014 and (new!) 2016 Instances with Sysadmin Privileges

Published Thursday, January 12, 2012 4:34 PM by Argenis

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS



Robert L Davis said:

Stay away from my servers! ;)

January 12, 2012 6:53 PM

Paul Timmerman said:

What Robert said! Excellent post!

January 12, 2012 7:19 PM

Amit Banerjee said:

Well written especially the advice to the kids! :) And +1 to what Robert said!!

January 12, 2012 10:32 PM

Greg Linwood said:

nice article, good point about sysadmins..

January 12, 2012 11:46 PM

Meher said:

Excellent post Argenis.



January 12, 2012 11:57 PM

Dale Hirt said:

It's interesting that LocalSystem still has privileges as well.  Another excellent post.

January 13, 2012 2:16 AM

spe109 said:

A very good and interesting article. Thanks Paul.

January 13, 2012 3:46 AM

Kenneth M. Nielsen said:

Great post, and as you conclude, there's nothing to do about a rogue admin, well except give him/her a letter of termination ;)

June 28, 2013 4:38 AM

Joseph said:


June 28, 2013 9:28 AM

Justin Dearing said:

Naturally a local admin could just run SQL Server in single user mode to give himself access. However, being able to do with WITHOUT restarting SQL server makes it harder for an attacker to get caught.

June 28, 2013 8:50 PM

Argenis said:

@Justin: indeed - but a smart attacker with sysadmin privileges can definitely get away without being caught. I don't necessarily see this as an attack vector. It just makes it harder for Windows admins to mess with SQL Server - and in a good number of shops out there, that's a good thing.

June 28, 2013 8:56 PM

Nicolas said:


September 4, 2013 3:09 PM

Waleed Khan said:

Brilliant keep it up .

September 16, 2013 3:43 PM

AB said:

This is working for me on sql server 2012.

March 10, 2015 12:44 PM

Satinder Thakur said:

This is NOT working for me on sql server 2012.

March 10, 2015 12:44 PM

Roja said:

side effect is not working.

March 10, 2015 12:45 PM

Davy said:

Super post, works like a charm on SQL 2014 Express x64!

March 30, 2015 2:49 PM

Aravind said:

I could not find the registry file in Windows 2003. Could you please help me out!!!

June 23, 2015 9:18 AM

Argenis said:

@Aravind: What version of SQL Server are you using?

June 23, 2015 9:36 AM

Aravind said:

SQL server 2005 Enterprise for all the instances i could connect in the server.

June 23, 2015 10:20 AM

Argenis said:

June 23, 2015 10:26 AM

Aravind said:

I have done with psexec and the NT AUTHORITY\SYSTEM also doesn't have access. Could you say if any other gaps to connect the server without getting the server down.

June 23, 2015 11:38 AM

Argenis said:

@Aravind = you could try sniffing out the password on TDS packets on the network, or trying to capture it in a memory dump immediately after a login. Not that easy.

June 23, 2015 12:08 PM

Srii said:

Thanks very much!

February 12, 2016 10:23 AM

ermoas said:

great post! very useful information. thanks for sharing

March 7, 2016 2:01 AM

Vincent said:

Thank you so much !!!! TvT

May 11, 2016 11:48 AM

SQLGuyChuck said:

Hey Argenis! I just tried on SQL Express 11.0.6020 and sqlwriter isn't a sysadmin on it, so it doesn't seem to work after some patch level.

-Chuck Lathrope

June 2, 2016 8:44 PM

Argenis said:

Hey Chuck, thanks for the note! I made an update recommending the use of the Winmgmt service for SQL Express users.

June 2, 2016 11:23 PM

Ariel said:

this is a very good post, thank you for it.

I have a NOOB question though -

If I wanted to use the same technique to grant specific privileges, such as ALTER ANY CONNECTION to the system account - how should I do that?

The following does not work (Uhe statement does work as a query inside the studio):

"path-to-sqlwriter" -S <DB name> -E -Q "use master; GRANT ALTER ANY CONNECTION TO 'NT AUTHORITY\SYSTEM'"

September 18, 2016 6:45 AM

vedant said:

If you want to try this game the come here and visit the more things for the work. so if you want then you can try this game.

April 12, 2019 12:40 AM

Leave a Comment

Privacy Statement