The sa login is the most famous login account in SQL Server. Every SQL Server administrator knows about it (if they don’t, they should).
Due to its administrative nature, any compromise of the sa account could have catastrophic consequences, including the complete loss of control over SQL Server.
It is therefore widely considered good security practice to disable the sa account altogether. And as an extra precaution, rename the account and change its password. Other admin accounts can be created as required.
To disable the sa account using T-SQL, simply use the ALTER LOGIN statement.
Example of Disabling the Account
Here’s an example of using T-SQL to disable the sa account.
USE master;
ALTER LOGIN [sa] DISABLE;
As mentioned, as an extra precautionary measure, also consider renaming the sa account and changing its password.
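The following T-SQL is an added example, not code from the original article: it combines the disable, rename and password change described above, refuses to run unless another administrator login exists, and checks the result by SID. The new login name is a placeholder, and the randomly generated password is an assumption of this example.

```sql
USE master;

DECLARE @new_name sysname = N'placeholder_renamed_sa';  -- assumed placeholder name
DECLARE @current_name sysname, @password nvarchar(128), @sql nvarchar(max);

-- The built-in sa login keeps SID 0x01 whatever it is currently called.
SELECT @current_name = name FROM sys.sql_logins WHERE sid = 0x01;

-- Stop unless another enabled, non-service login is in sysadmin, so the
-- instance is never left without a usable administrator.
IF NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin'
      AND m.sid <> 0x01
      AND m.is_disabled = 0
      AND m.type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
      AND m.name NOT LIKE N'NT SERVICE\%'
      AND m.name NOT LIKE N'NT AUTHORITY\%'
)
BEGIN
    RAISERROR(N'No other enabled sysadmin login found; sa left unchanged.', 16, 1);
    RETURN;
END;

-- Assumption: nobody needs to know the password of a disabled account, so use
-- 32 random bytes as hex; the suffix adds a lowercase letter and a symbol so
-- the value passes the Windows complexity policy if CHECK_POLICY is on.
SET @password = CONVERT(varchar(64), CRYPT_GEN_RANDOM(32), 2) + N'x!';

-- ALTER LOGIN does not accept variables, so the statements are built
-- dynamically, with QUOTENAME protecting the identifiers.
SET @sql = N'ALTER LOGIN ' + QUOTENAME(@current_name) + N' DISABLE; '
         + N'ALTER LOGIN ' + QUOTENAME(@current_name)
         + N' WITH PASSWORD = N''' + @password + N'''';
IF @current_name <> @new_name
    SET @sql += N', NAME = ' + QUOTENAME(@new_name);
EXEC sys.sp_executesql @sql;

-- Verify by SID rather than by name: is_disabled should now be 1.
SELECT name, is_disabled, modify_date FROM sys.sql_logins WHERE sid = 0x01;
```

Because the final query filters on the SID, it can be reused later as an audit check that the account is still disabled, whatever it has been renamed to.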