Initially, there is no password for the system administrator. After a server is installed, you should assign a password to SA immediately. Do not forget it. If you forget the SA password, you must reinstall SQL Server.
It is not necessary to assign an SA password if the server is set for integrated security only. However, it is recommended that you assign an SA password if the server is set for standard or mixed security. For a discussion of each type of security, see Chapter 8, Security Concepts.
The first time you log in to a newly installed SQL Server, use sa as your login identification and no password. After you log in, use SQL Enterprise Manager or sp_password to change the SA password to prevent other users from using the system administrator's privileges.
If the server is already registered with SQL Enterprise Manager, you can use that tool to change the SA password.
The logins for that server are listed.
The Manage Logins dialog box appears, displaying information about the SA login ID.
The Confirm Password dialog box appears.
The SA password is changed.
You can also use sp_password to change the SA password. Type:
sp_password old_password, new_password [, login_id]
For example, to change the SA password to "rover" on a newly installed server, type:
sp_password null, rover, sa
For more information about sp_password, see the Microsoft SQL Server Transact-SQL Reference.
For more information about the settings you can modify for a login ID, see Part 4, Security.