My SQL Configuration changes automatically

Jorge 21 Reputation points
2020-10-03T04:21:11.137+00:00

HiI would like to know why my SQL configuration is changing automatically. I am a worried that it can be a security issue.

First my admin account, the one I use locally with Windows Authentication get disabled.

Then a DB in my instance changes to restricted mode and single user.

Finally the maxed memory, min memory per query, max thread user and the blocked threadholds configuration changes creating a big error in the DB that did not made me login.

Please I would like to know why this configuration changes with no apparent reason, when I see the logs of this changes it says user: N/A.

Checking for some login log I found hundreds of login tries with different users, maybe a brute force attack. So I am starting to think that maybe this can be a security issue.

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,214 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,775 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Erland Sommarskog 105.8K Reputation points MVP
    2020-10-03T09:21:13.11+00:00

    Is you SQL instance exposed on the internet? In such case, you need to fix that.

    Exactly what do these log entries say? Changes to configuration options such as "Max server memory" manifest themselves in the SQL Server errorlog, but only the spid is logged, not the user. The default trace will also have the user information, but the information here is not kept for very long.

    0 comments
  2. m 4,271 Reputation points
    2020-10-05T02:59:38.673+00:00

    Hi @Jorge ,

    HiI would like to know why my SQL configuration is changing automatically...

    SQL configuration can't be changed automatically by itself unless someone trying to change it.
    Try code as next and show scrrenshot of the result: 

    SELECT  
 T.DatabaseName,  
 T.TextData,  
 T.HostName,  
 T.ApplicationName,  
 T.LoginName,  
 T.StartTime,T.EventClass,  
    CASE T.IsSystem  
 WHEN 1 THEN 'YES'  
 ELSE 'NO'  
 END AS IsSystem  
FROM sys.FN_TRACE_GETTABLE(CONVERT(VARCHAR(150),   
 ( SELECT TOP 1 f.[VALUE]                                                   
   FROM    sys.FN_TRACE_GETINFO(NULL) f  
   WHERE   f.property = 2  
 )), DEFAULT) T  
  
WHERE T.TextData LIKE '%configuration option%'  
 AND T.EventClass = 22 -- Configuration related  
 Order by t.starttime desc;

    If the result is same as you use sql-server-ssms-configuration-changes-history

    Please track the failed logins as this : audit-failed-sql-server-logins-part-iii-the-solution (note: you need to download one third party tool as the doc. describes)

    And track the unauthorized configuration as this: spotting-unauthorized-configuration-settings-sql-server

    BR,
    Mia

    If the answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  3. m 4,271 Reputation points
    2020-10-06T01:45:15.163+00:00

    Hi @Jorge ,

    Is the reply helpful?

    BR,
    Mia

    If the answer is helpful, please click "Accept Answer" and upvote it.

    0 comments