Invoke-sqmSAObfuscation
SecuritysqmSQLTool v1.8.2+ · Hardening⚠ High Impact ✓ -WhatIf supported
DBA_SYSADMIN_01) to hide it from automated attacks. Creates a new dummy SA login with disabled state and a randomized password to maintain compatibility and satisfy compliance audits that expect a SA account to exist.Parameters
| Parameter | Type | Required | Default | Notes |
|---|---|---|---|---|
| -SqlInstance | string | Required | — | Target SQL Server instance. |
| -SqlCredential | PSCredential | Optional | — | Credentials with sysadmin role. |
| -NewSAName | string | Optional | DBA_SYSADMIN_01 | New obfuscated name for the renamed SA login. |
| -BackupCurrentPassword | switch | Switch | $false | Save current SA password to secure backup location. |
| -EnableException | switch | Switch | $false | Re-throw exceptions immediately. |
| -WhatIf / -Confirm | switch | Optional | — | ShouldProcess (ConfirmImpact: High) guards rename execution. |
Execution Flow
Examples
Obfuscate SA with default name and -WhatIf
Invoke-sqmSAObfuscation -SqlInstance "SQL01" -WhatIf
Obfuscate SA with custom name and backup password
Invoke-sqmSAObfuscation -SqlInstance "SQL01" -NewSAName "ADMIN_SYS" -BackupCurrentPassword