Is there a way to find out who changed the password for a login?
-
02-11-2019 - |
Question
I am trying to find out who changed the password for a login in SQL Server 2008 R2.
I have already checked default trace - and it does not log that event. The default trace will include these security-related events:
/*
Audit Add DB user event
Audit Add login to server role event
Audit Add Member to DB role event
Audit Add Role event
Audit Add login event
Audit Backup/Restore event
Audit Change Database owner
Audit DBCC event
Audit Database Scope GDR event (Grant, Deny, Revoke)
Audit Login Change Property event
Audit Login Failed
Audit Login GDR event
Audit Schema Object GDR event
Audit Schema Object Take Ownership
Audit Server Starts and Stops
*/
Also, looked into transaction log backup to find that out, but no luck.
Is there any other way to find it out ?
Also, I am aware that a server side trace will help, but unfortunately in our server side trace, we did not include the Audit Login Change Password Event
.
Best article that I found is from Aaron Bertrand : Tracking Login Password Changes in SQL Server
No correct solution
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange