26 June,2013 by Jack Vamvas
How can I store an encrypted “sa” Logon password as part of the SQL Server 2014 installation command script? I’d like to store the encrypted password rather than store the plain text password.
The problem of not being able to store an encrypted "sa" password in the SQL Server installation scripts is a technical and auditing requirement. Most companies maintain a SQL Server security policy which includes information about storing passwords.
The comments below refer to :
SQL Server 2005 Installation
SQL Server 2008 Installation
SQL Server 2012 Installation
SQL Serer 2014 Installation
The SQL Server DBA maintains SQL Server Instance build scripts. As part of those scripts special admin logons, "sa" passwords and service account logons are included as part of the code.
An example of a SQL Server 2008 Installation:
E:\SQL_2008_ENT_R1\Setup.exe /INDICATEPROGRESS /SQLSVCPASSWORD="hsjas667" /AGTSVCPASSWORD="ppipoi89" /ISSVCPASSWORD="tttt7vgjki" /SAPWD="mySApasw1rds" /ConfigurationFile=ConfigurationFile.INI
Attempting to place an encrypted password , and hoping it will work , when attempting to logon as "sa" post-installation will not work.
To get around limitation requires some scripting capability. The idea is to execute the installation command from another scripting environment and force a prompt. At the prompt retrieve the password either programmatically or manually from the password vault.
This could be achieved either through Powershell scripts or a batch file. If anyone has a similar problem and has developed a solution , let me know. As well as being a technical issue , there are also audit requirements to maintain passwords in safe locations.
Forgotten sa password - SQL Server DBA
Find Weak passwords in SQL Server - SQL Server DBA
Powershell sql server security audit - SQL Server DBA
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |