Problem
In some rare occasions it’s possible for organizations to 'forget' their sa password to an operational SQL Server. In cases where this occurs and no trusted Windows Logins (or groups) are part of the sysadmin server role on the server itself, there is seemingly no way to regain Sysadmin permissions.
Solution
In many ways this scenario is like locking your keys in your car when you need to be somewhere – because without the sa password it’s impossible to log in, and without any trusted users in the servers’ sysadmin server role, windows can’t grant administrative access either.
In cases like this (which should be extremely rare) many systems administrators assume that their only recourse is to power SQL Server down, copy the databases somewhere (as a precaution) and then uninstall/reinstall SQL Server and redeploy their databases.
Happily, there's a better way. To recover administrative access to a 'locked out' SQL Server, a member of the Local Administrators group on the host machine can restart SQL Server in single user-mode using the -m startup option (as outlined in Books Online) and by doing so they’ll be automatically added to the sysadmin server role – meaning that they can then either reset the sa password and/or assign users to the sysadmin server role.
Of course, if you’re astute, you’ll note that this ‘feature’ also provides a potential security threat of its own as it means users with administrative access can gain control of SQL Server data even when they haven’t been granted explicit permissions to do so. But, as they say, there’s “no free lunch” (especially when it comes to security). So make sure to have auditing and other safeguards in place if your data is extremely sensitive.