Applies To
Express Software Manager version 6.0 through 6.1

Summary
Express Software Manager includes MSDE 2000, a run-time version of Microsoft SQL Server 2000. MSDE has an administrative account ("sa") with a default blank password. The blank password allows easy access to the "sa" account and Express Metrix recommends adding a password to this account for improved security. This technical note describes how to add a password to the "sa" account using an OSQL command.

Note: By default Microsoft SQL Server also uses a null password on its “sa” account. If you have a full version of SQL Server you can use Microsoft Enterprise Manager to reconfigure the “sa” account. This technical note is intended to provide help to customers who are using MSDE and do not have access to Enterprise Manager.

Express Software Manager and MSDE
Express Software Manager 6.0 and 6.1 include MSDE 2000. Customers who do not have their own installation of SQL Server can use MSDE to house their Express databases.

Express Software Manager uses the MSDE “sa” account to create and access Express databases. This administrative account has no default password and, as a result, may be subject to attacks from malicious programs including the Spida worm (also called SQLsnake and Digispid). Adding a password to the account will prevent the worm from gaining access to the account and the databases.

Important: You must remember the password you assign to the “sa” account. If you lose the password there is no way to retrieve it and you may have to uninstall and reinstall MSDE.

Adding a Password Via OSQL Commands
To add a password to the MSDE “sa” account, type the following command at a command prompt on the machine where MSDE 2000 is running (include all quotation marks and commas):

OSQL -S<server name> -Usa -P -Q "sp_password NULL, '<password>', 'sa'"

Note: The command is case-sensitive.

For example, if MSDE is installed on a workstation called esmadmin and you want to set the password on the “sa” account to esm525, you would enter the following command:

OSQL -Sesmadmin -Usa -P -Q "sp_password NULL, 'esm525', 'sa'"

You should see a message indicating that the password was changed.

Updating Library Data Source Files
After you change the password for the “sa” account, you must update the data source (also called a DSN) for each of your libraries. The data source contains connection information for the database and includes an encrypted user name and password.

Note: If you attempt to open a library using an existing data source you will get an error saying that the “Login failed for user ‘sa’.” This is because the existing data source does not contain the new password.

To update a data source:

1. Choose Open Library from the File menu in Administrative Console.

2. You will be prompted to open the data source. Enter the new password here and click OK.

1. Choose New Data Source from the File menu in Administrative Console.

2. Select the computer that is running MSDE and enter “sa” for the Login ID and your new password in the Password field. Click Next to continue.

3. Choose the database you want to connect to (the default Express database is called Express). Click Next to continue.

4. Give the data source a name and click Finish. Note: The default name for the data source is based on the database name. If you are creating a new data source for the Express database, you may see a suggested name of “Express (2)”. You can accept this, change the name to Express (to overwrite the existing data source), or enter an alternate name. Click Next and then Finish to complete the creation of the new data source.

Related Technical Notes

9989	Express Software Manager 6.x Technical Notes