We all know to keep the sa password secret and to share it with as few people as necessary. However, users see no problem with registering their server in Enterprise Manager with the sa id. This setup, however, provides another potential window for someone to gain inappropriate access. Anyone who knows the password to log into the client machine (the person who sits next to you, perhaps) can act as sa on your server from there. Although it is inconvenient, you are best off logging in every time you want to use the sa id.