Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Show SQL authentication login information Expand / Collapse
Author
Message
Posted Thursday, May 12, 2011 2:03 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, April 17, 2014 12:04 PM
Points: 311, Visits: 1,080
Comments posted to this topic are about the item Show SQL authentication login information


Post #1107513
Posted Thursday, May 12, 2011 5:40 AM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Saturday, March 24, 2012 3:31 PM
Points: 4,587, Visits: 207
Is there a similar set of queries for Windows based logons?
Post #1107617
Posted Thursday, May 12, 2011 6:46 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, April 17, 2014 12:04 PM
Points: 311, Visits: 1,080
Twin-soft.com SME (5/12/2011)
Is there a similar set of queries for Windows based logons?


Windows authentication information is supplied by active directory. You should talk to your network administrators to get the same inforation.

Now after saying that; I'm planning to create another script that will read this information right out of active directory from within SQL server. Only thing is that you will need Domain Admins rights to retrieve the infromation.

I'll have it here as soon as it's done and tested.

Thanks,

Rudy



Post #1107647
Posted Thursday, May 12, 2011 10:38 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, April 10, 2014 9:27 AM
Points: 5, Visits: 113
Hey, you really inspired me today! We have some similar requirements for security auditing so I took the bones of your script to produce the scipt below. I did not want all your columns, but you could add them back in.

This version doesn't need to loop it gathers everything in the select statement(s). I also removed the sa account, any certificate accounts, and domain users and groups.

----------------------------------------------------------
-- SQL Login Audit --
-- Find Local SQL Logins (remove sa, certificate users, --
-- and nt authority) then audit the user --
----------------------------------------------------------

Use Master
GO

select [name] as 'SQL User Name', [CreateDate] as 'CreateDate',(SELECT loginproperty([name], 'BadPasswordCount')) as 'Bad Password Count',(SELECT loginproperty([name], 'BadPasswordTime')) as 'Bad Password Time',
(SELECT loginproperty([name], 'DaysUntilExpiration')) as 'Days Until Expiration',(SELECT loginproperty([name], 'DefaultDatabase')) as 'Default Database',
(SELECT loginproperty([name], 'HistoryLength')) as 'History Length',(SELECT loginproperty([name], 'IsExpired')) as 'Is Expired',
(SELECT loginproperty([name], 'IsLocked')) as 'Is Locked',(SELECT loginproperty([name], 'IsMustChange')) as 'Is Must Change',
(SELECT loginproperty([name], 'LockoutTime')) as 'LockoutTime',(SELECT loginproperty([name], 'PasswordLastSetTime')) as 'PasswordLast Set Time'
from syslogins
where isntuser = '0' and isntgroup = '0'
and [name] not in ('sa', '##MS_SQLResourceSigningCertificate##','##MS_SQLReplicationSigningCertificate##',
'##MS_SQLAuthenticatorCertificate##', '##MS_PolicySigningCertificate##', '##MS_PolicyTsqlExecutionLogin##',
'NT AUTHORITY\SYSTEM', '##MS_PolicyEventProcessingLogin##', '##MS_AgentSigningCertificate##')
Post #1107888
Posted Thursday, May 12, 2011 11:14 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Thursday, April 17, 2014 12:04 PM
Points: 311, Visits: 1,080
I'm glad this script inspired you today!

Here's a question for you. Have you executed my script? It only reports on SQL authenticated user accounts. So you would not get any certificate users and nt authority accounts.

As for "sa" I would leave that in the report as you would want to know if someone has been playing account with that account.

Thanks,

Rudy


[quote]tim.shirey (5/12/2011)
Hey, you really inspired me today! We have some similar requirements for security auditing so I took the bones of your script to produce the scipt below. I did not want all your columns, but you could add them back in.

This version doesn't need to loop it gathers everything in the select statement(s). I also removed the sa account, any certificate accounts, and domain users and groups.

----------------------------------------------------------
-- SQL Login Audit --
-- Find Local SQL Logins (remove sa, certificate users, --
-- and nt authority) then audit the user --
----------------------------------------------------------




Post #1107917
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse