On social media, I asked folks, “Why haven’t you disabled the SA account in your SQL Servers? Wrong answers only.” The results were pretty funny:
“I went a step further and also created an account called ‘as’. Now my boss keeps bragging to his golf buddies that we run our database fully SaaS.” – Hugo Kornelis
“How else can I provide job security for the cybersecurity team?” – Evgeny Alexandrovich
“Because it matches the password of sa.” – Jamie Ridenour
“Oh you can create another account in SQL Server? Mind blown.” – Justin Adrias
“Why would I disable the only login we have?” – Ray FitzGerald
“Because that’s the only account I don’t get permissions errors with!” – Todd Histed
“Because it’s a saved login with password in SSMS.” – Subject 89P13
“Psh. All my linked servers use it.” – Dan White
“Doesn’t SA stand for Software Application? So shouldn’t my application connect with that account?” – Joe Thompson
“Because sa stands for sexy admin. To disable it would be to deny who we are!” – Mladen Prajdic (who, for the record, the ladies love)