
SA Password Change Logging

Asked By PG Computing
19-Nov-09 11:31 AM
I have an issue at a company I am doing some contract work for. One of the
members of the admin team keeps changing the SA password but we do not know
for sure who.

I was thinking of creating a trigger to log into a separate table who has
updated the SA account. The only reference to sql logins I could find is in
sys.sql_logins but this is a system view which a trigger cannot be created on.

I am looking for advice on how we can capture when the password has been
changed and by whom. Has anybody come across anything like this before?

PG Computing (PG Computing@discussions.microsoft.

Erland Sommarskog replied to PG Computing
20-Nov-09 12:26 AM
PG Computing (PG Computing@) writes:

Set up a server DDL trigger on ALTER LOGIN. Test that it actually captures
changes done with sp_password.


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
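
The server-level DDL trigger suggested in the reply above, written out as an added example that is not part of the original thread. The table name dbo.LoginChangeAudit and the trigger name trg_audit_alter_login are assumptions; the target login is read from the ObjectName element of EVENTDATA().

```sql
-- Added example: audit ALTER LOGIN events at server scope (SQL Server 2005+).
-- Object names below are hypothetical; adjust to local conventions.
USE master;
GO

CREATE TABLE dbo.LoginChangeAudit (
    AuditId       int IDENTITY(1,1) PRIMARY KEY,
    EventTime     datetime      NOT NULL,
    OriginalLogin nvarchar(128) NOT NULL, -- login that opened the session
    EventLogin    nvarchar(128) NULL,     -- LoginName reported by the event
    ClientHost    nvarchar(128) NULL,     -- client-supplied, can be spoofed
    SessionId     int           NOT NULL,
    TargetLogin   nvarchar(128) NULL      -- login that was altered
);
GO

CREATE TRIGGER trg_audit_alter_login
ON ALL SERVER
FOR ALTER_LOGIN
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @e xml;
    SET @e = EVENTDATA();

    -- Only selected fields are stored; the command text is not copied.
    -- ORIGINAL_LOGIN() is kept next to the event's LoginName so that a
    -- change made under EXECUTE AS still shows the connecting login.
    INSERT INTO master.dbo.LoginChangeAudit
        (EventTime, OriginalLogin, EventLogin, ClientHost, SessionId, TargetLogin)
    VALUES
        (GETDATE(),
         ORIGINAL_LOGIN(),
         @e.value('(/EVENT_INSTANCE/LoginName)[1]',  'nvarchar(128)'),
         HOST_NAME(),
         @@SPID,
         @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)'));
END;
GO

-- Review changes made to the sa login, newest first.
-- As the reply says, confirm separately that sp_password is captured.
SELECT EventTime, OriginalLogin, EventLogin, ClientHost, SessionId
FROM   master.dbo.LoginChangeAudit
WHERE  TargetLogin = N'sa'
ORDER  BY EventTime DESC;
```

The trigger runs inside the ALTER LOGIN statement's transaction, so a failed insert rolls the change back. Members of sysadmin can disable the trigger or edit the table, so the rows are a lead rather than tamper-proof evidence.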


Linchi Shea replied to PG Computing
20-Nov-09 12:07 PM
Or using EVENT NOTIFICATION by capturing the DDL events. The ObjectName field
for ALTER LOGIN will have the name of the login whose password is changed.

Also, you could just run a trace.

Linchi