SQL Server silent installation - problem with cleartext passwords
Posted Saturday, April 6, 2013 5:10 PM
Forum Newbie
We are planning to install SQL 2008 on a large number of servers using the silent installation technique.
1. Since we are using mixed authentication, we need to specify a password for the SA account. We would have to specify it in the config file for silent install.
2. The account used to start SQL Server & SQL Server Agent service is a local Windows account and it's the same across all servers. I believe we will have to specify it in the config file.

Specifying above passwords in a cleartext config file would be a security issue. Is there any way to store these passwords in an encrypted format?

Post #1439608
Posted Monday, April 8, 2013 2:13 PM
Old Hand
Even if you do mixed mode, it is a good idea to eventually disable sa.
So after the fact you could:
1. create another SQL login with sysadmin, whose pwd is stored in your password vault.
2. disable sa.

This could be done centrally against many servers via a PowerShell script (enter password interactively).
Post #1440019
Posted Tuesday, April 9, 2013 5:24 AM
Hall of Fame
The best 'workaround' I can think of would be to create a command file that passes the passwords at execution time, instead of storing them in a configuration file.

This would allow you to encrypt the command file, while leaving the rest of the install media unencrypted and without any sensitive information.

It should be possible for the owner of the encrypted command file to run the command within it, without non-authorised people being able to see its contents.

Once the passwords have been passed to the SQL install process they are held in memory, and any time a password needs to be printed it is shown as a fixed number of *.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2016, 2014, 2012, 2008 R2, 2008 and 2005. 11 May 2016: now over 37,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #1440272
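
The approach from the reply above (passwords supplied at execution time, none in the configuration file), sketched as an added example that is not part of the original thread. The paths `D:\setup.exe` and `C:\Install\ConfigurationFile.ini` are assumed placeholders, and the passwords are assumed not to contain double quotes.

```powershell
# Added example (not from the thread): prompt for the secrets at run time and
# pass them to SQL Server setup, so ConfigurationFile.ini holds no passwords.
# Both default paths below are assumed placeholders.
param(
    [string]$SetupExe   = 'D:\setup.exe',
    [string]$ConfigFile = 'C:\Install\ConfigurationFile.ini'
)

# Convert a SecureString to plain text only at the moment it is needed,
# and zero the unmanaged copy afterwards.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# Refuse to run if the shared config file still carries a password key.
$pattern = '^\s*(SAPWD|SQLSVCPASSWORD|AGTSVCPASSWORD)\s*='
$leaks = Select-String -Path $ConfigFile -Pattern $pattern
if ($leaks) {
    $lines = ($leaks | ForEach-Object { $_.LineNumber }) -join ', '
    throw "Password keys found in ${ConfigFile} (lines $lines); remove them first."
}

# Nothing is echoed to the console or written to disk by these prompts.
$sa  = Read-Host -Prompt 'SA password' -AsSecureString
$svc = Read-Host -Prompt 'Service account password' -AsSecureString

# The thread uses one local Windows account for both services, so the same
# password goes to the SQL Server and SQL Server Agent parameters.
$svcPlain = ConvertTo-PlainText $svc
$setupArgs = @(
    '/Q',
    "/ConfigurationFile=`"$ConfigFile`"",
    "/SAPWD=`"$(ConvertTo-PlainText $sa)`"",
    "/SQLSVCPASSWORD=`"$svcPlain`"",
    "/AGTSVCPASSWORD=`"$svcPlain`""
)

$proc = Start-Process -FilePath $SetupExe -ArgumentList $setupArgs `
                      -Wait -PassThru -NoNewWindow

# Drop the plain-text copies as soon as setup has returned.
$svcPlain = $null
$setupArgs = $null
exit $proc.ExitCode
```

While setup is running, its command line (including these arguments) is readable by local administrators in the process list, and it is recorded wherever process-creation command-line auditing is enabled.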