Help: SQL Server

Sharing my knowlege about SQL Server Troubleshooting Skills

  • Blog Stats

    • 2,050,828 hits
  • Select GETDATE()

    February 2012
    M T W T F S S

Help : I lost sa password and no one has System Administrator (SysAdmin) permission. What should I do?

Posted by blakhani on February 8, 2012

If you are thinking that I am going to show you black magic to recover sa password or other login’s password then you have hit the wrong blog post. go back to search engine and search for better tool/utility. Smile

After spending many years with SQL Server product, I have seen situations where someone wants to get in to SQL Server as system administrator as someone recently left company who had System Administrator permission (or hundred other reasons). Till SQL 2000 days, it was impossible to solve such problem other than reinstalling SQL Server. Here are the typical questions I saw in forum:

  • Only sysadmin user is SA and I Lost SA password.
  • I am locked out of SQL server i.e. that no windows users are added (or removed them) as sysadmin and I forgot the password for sa
  • I am windows admin. How can I get sys admin privileges on SQL server express as I removed all sysadmin accounts from SQL.

Here are the various error you might see

  • Unable to create new database. This is generic error which means that you are not having permission.


TITLE: Microsoft SQL Server Management Studio
Create failed for Database ‘SQLServer-Help’.  (Microsoft.SqlServer.Smo)

For help, click:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
CREATE DATABASE permission denied in database ‘master’. (Microsoft SQL Server, Error: 262)
For help, click:

  • When you login to Management Studio, you would see only your own account and ‘sa’ as shown below


  • When you attempt to change password of ‘sa’ you might see below error.


TITLE: Microsoft SQL Server Management Studio
Change password failed for Login ‘sa’.  (Microsoft.SqlServer.Smo)
For help, click:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
Cannot alter the login ‘sa’, because it does not exist or you do not have permission. (Microsoft SQL Server, Error: 15151)
For help, click:


All error messages appear because your account is not a System Administrator of SQL Server Instance.

So, what should you do now? Answer is simple, get yourself added as System Administrator. I know, you would say “don’t you think I have tried that as I got this error!”


TITLE: Microsoft SQL Server Management Studio
Add member failed for ServerRole ‘sysadmin’.  (Microsoft.SqlServer.Smo)
For help, click:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
User does not have permission to perform this action. (Microsoft SQL Server, Error: 15247)
For help, click:


Okay, here is the step by step guide to add any account as System Administrator of SQL Server. This is documented and completely supported way to gain back the rights.  To log into SQL Server as SysAdmin, you need to have Local Administrator permission on the windows which is hosting SQL Server. If you don’t have that also then you may want to check with your windows team to get access (I am not a windows guy)

Steps to login to SQL Server as System Administrator. [Provided you are having windows local administrator permissions]

  • Stop the SQL Server Service using ANY of below command.
    • Net Stop MSSQLServer (for default instance) / Net Step MSSQL$<InstanceName> If you want to know instance name, refer my earlier blog
    • Use SQL Server Configuration manager and stop the SQL service. [Start>Programs>Microsoft SQL Server 2005>Configuration Tools>SQL Server Configuration Manager]
    • Use Services console [ Start > Run > Services.msc] and locate the SQL instance you want to stop.
  • Start SQL Server in Single User mode. You need to use start-up parameter m to start SQL Service in single user mode. I prefer command line but its your choice.
    • Using command line
      • net start MSSQLServer /m SQLCMD        [For default instance]
      • net start MSSQL$<InstanceName> /m SQLCMD     [For named instance]
    • Using configuration Manager
      • Locate the service which you have stopped earlier. Go to its properties, “Advanced”, click on drop down at “Startup Parameters”  and add ;-mSQLCMD as shown below


You might notice that I have use SQLCMD after m. That’s not a typo. Many times, when you start SQL Server in single user mode, application grabs connection before you could. SQLCMD ensures that only SQLCMD program can connect to SQL Server when its running in single use mode. Here is the error you might see if above happens. SQLCMD should be in UPPERCASE. else that would also show same error. Please make sure there is no space between “;” and “-m”, the registry parameter parser is sensitive to such typos. You should see an entry in the SQL Server ERRORLOG file that says “SQL Server started in single-user mode.”

TITLE: Connect to Server
Cannot connect to (local)\SQL2k8R2.
Login failed for user ‘Contoso\demouser’. Reason: Server is in single user mode. Only one administrator can connect at this time. (Microsoft SQL Server, Error: 18461)
For help, click:

  • Connect to SQL Server and add desired account in SysAdmin role.
    I normally prefer to do it from SQLCMD (that’s why I added SQLCMD after m)
    • Open administrator command prompt. (i.e. right click on command prompt shortcut and choose “Run As Administrator”
    • Type sqlcmd –S <complete instance name> For example
      • sqlcmd –S. (for default instance)
      • sqlcmd –S.\MyInstance
        For getting exact name, your my earlier blog
    • You are connected as System Administrator, because you are part of local administrator group in windows.
    • At this point you can add any account to sysadmin because you are connect as sysadmin. Here is the script I normally use to add local administrator group as a part of SysAdmin group in SQL Server Instance. You may want to tweak this as per your needs because I am adding all local admin as sysadmin which is not a good practise.

USE [master]
EXEC master
..sp_addsrvrolemember @loginame = N’BUILTIN\Administrators’, @rolename = N’sysadmin’

  • Here is how it would look on sqlcmd command prompt


  • Stop SQL Server Service. You can use any method as described in first step
  • Start SQL Service normally. This means that you need to remove startup parameter

Here is the MSDN reference for above, just to show that its documented.

So, to conclude, I have not shown any trick to recover any password. Just showed you detailed steps to gain sysadmin access provided you have windows admin rights.

DISCLAIMER: Use the method that is described in this article only as a failure recovery mechanism


43 Responses to “Help : I lost sa password and no one has System Administrator (SysAdmin) permission. What should I do?”

  1. Have had to do it several times in the past 4 years.

    Recovering Windows Domain admin password is even worse

  2. phobosq said

    As per recovery purpose, after starting SQL Server is single user mode you may also think about restoring master database from backup.

  3. Ademus Prime said


  4. Good blog 🙂

  5. brian said

    after i typed CREATE LOGIN [BUILTIN\Administrators] FROM WINDOWS WITH DEFAULT_DATABASE=[master]

    it still said i didnt have access

  6. GS Sohal said

    Hi Balmukand,

    im having the same issue on one of the critical servers (i got my self added in admin group) .. and i want to avoid having to restart ..

    can you let me know .. wht difference starting the SQL in single -user makes .. as compared to doing the same thing .. by

    leaving the SQL running as it was .. and then adding a login VIA Sqlcmd


  7. […] Option: 2… […]

  8. Junk said

    I used to be suggested this website via my cousin.
    I am not positive whether or not this publish is written by way
    of him as nobody else recognise such precise approximately my trouble.
    You are incredible! Thank you!

  9. […] can pass a string with -m which has special meaning and use. I have used this parameter in my blog here but looks like not many of you have seen […]

  10. Need help said

    Can anyone help me, am getting the error:
    1> EXEC master..sp_addsrvrolemember @loginame = N’BUILTIN\Administrators’, @role
    name = N’sysadmin’
    2> GO
    Msg 102, Level 15, State 1, Server MyServer , Line 1
    Incorrect syntax near ”’.
    Where am i getting it wrong?

    • blakhani said

      this generally happens when you copy the code from webpage and paste in command prompt. In above query, remove single quotes and type them again.

  11. […] or do any admin related stuff on my SQLEXPRESS 2012 instance. After search around I came across this blog that showed how you can add an existing windows administrator to SQL and give it admin […]

  12. […]… […]

  13. B-Square said

    I tried several other similar techniques, but they all failed. This is the technique that resolved my issue! Thanks so much!

  14. Eugene said

    THANK YOU! -mSQLCMD is a very important detail that the other articles I came across left out! I kept getting “Login failed for user ‘xxx’. Reason: Server is in single user mode…”, thinking “DUH… these instructions make no sense.”

  15. Joey said

    Another way is to switch to the mixed mode authentication and enable the SA account. Here are step-by-step instructions:

  16. Suresh said

    Thanks Balmukund. It was helpful.

  17. frerelance copywriter said

    After looking over a handful of the articles on your website, I really appreciate your way of writing a blog.

    I added it to my bookmark website list and will be checking
    back soon. Please visit my website as well and let me
    know how you feel.

  18. Ambar said

    One of the best posts I’ve seen! I’ve looked everywhere for this! Thank you! 🙂

  19. Eric said

    this is fabulous. for the people having issues with it… follow the advice and don’t try to use ssms. do it in the cmd window… it’s very easy. follow these steps and you’ll get in.

  20. Don Don said

    We’re having the same issue, can run throught the majority of the article but when I run sqlcmd -S. I get an error below:

    C:\>sqlcmd -S.
    Sqlcmd: Error: Microsoft SQL Server Native Client 11.0 : Login failed for user ‘
    EUROPE\xe00068’. Reason: Server is in single user mode. Only one administrator c
    an connect at this time..

    • blakhani said

      You have to use SQLCMD along with -m so that no one else can connect other than SQLCMD.

      • Don Don said

        Thanks, I’ll try running it with the -m switch

      • Don Don said

        Nearly there! I ran it without the /m switch and got the last part and failed, see below. I have changed the server name and accounts details for oblivious reasons!

        C:\>sqlcmd -S.
        1> USE [master]
        2> go
        Changed database context to ‘master’.
        1> CREATE LOGIN [mydomain\my adm account] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
        2> GO
        Msg 15025, Level 16, State 2, Server MYServername, Line 1
        The server principal ‘mydomain\my adm account’ already exists.
        1> EXEC master..sp_addsrvrolemember @loginame = N’mydomain\my adm account’, @rolename =
        2> GO
        Msg 102, Level 15, State 1, Server MYServername, Line 1
        Incorrect syntax near ”’.

      • blakhani said

        you need to take care of single quotes. copying from webpage messes up with quotes. I would suggest to type the command.

  21. […] 2.; […]

  22. Great post! helped me to get the sa enabled. thanks a bunch.

  23. pkeerthy said

    Great Post! helped me to enable my sa account which was locked. thanks a bunch.

  24. Sambit said

    Great Stuff. It really helped me. Many Thanks. 🙂

  25. Sambit said

    Great stuff. It actually worked. Many thanks. 🙂

  26. N V said

    Good Post.

  27. DB said

    What can you do if sql server is installed on primary DC?

  28. Sigriest said

    I used the single use mode just to unlock the sa account. thanks

  29. Jason Elizondo said

    Hello everyone, i got this message, after the command: CREATE LOGIN [BUILTIN\Administrators] FROM WINDOWS WITH DEFAULT_DATABASE=[master]

    Msg 15247, Level 16, State 1, Server DESKTOP-0LEUPE5\SECURITYEXPERT, Line 1
    User does not have permission to perform this action.

    Could you help me?


  30. tsamo said

    I used this command sqlcmd -S myServer\instanceName.I get this message “Login failed account is disabled” and it is the same message I get when I login with ssms.My admin account is the local windows account.Need help please

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: