SQL Server silent installation - problem with cleartext passwords
Posted Saturday, April 6, 2013 5:10 PM
Forum Newbie

Hi,
We are planning to install SQL 2008 on a large number of servers using the silent installation technique.
1. Since we are using mixed authentication, we need to specify a password for the SA account. We would have to specify it in the config file for silent install.
2. The account used to start the SQL Server & SQL Server Agent services is a local Windows account and it's the same across all servers. I believe we will have to specify it in the config file.

Specifying above passwords in a cleartext config file would be a security issue. Is there any way to store these passwords in an encrypted format?

Thanks,
Akshay.
Post #1439608
Posted Monday, April 8, 2013 2:13 PM
SSC Veteran

Even if you do mixed mode, it is a good idea to eventually disable sa.
So after the fact you could:
1. Create another SQL login with sysadmin, whose pwd is stored in your password vault.
2. Disable sa.

This could be done centrally against many servers via a PowerShell script (enter password interactively).
Post #1440019
Posted Tuesday, April 9, 2013 5:24 AM
SSCrazy

The best 'workaround' I can think of would be to create a command file that passes the passwords at execution time, instead of storing them in a configuration file.

This would allow you to encrypt the command file, while leaving the rest of the install media unencrypted and without any sensitive information.

It should be possible for the owner of the encrypted command file to run the command within it, without non-authorised people being able to see its contents.

Once the passwords have been passed to the SQL install process they are held in memory, and any time a password needs to be printed it is shown as a fixed number of *.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 18 October 2014: now over 31,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #1440272
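
The approach in the last reply (passwords supplied at execution time rather than stored in the configuration file), sketched in PowerShell as an added example that is not part of the original thread. The paths are assumptions; `/SAPWD`, `/SQLSVCPASSWORD`, `/AGTSVCPASSWORD` and `/ConfigurationFile` are SQL Server setup parameters, and the configuration file is assumed to carry every other setting.

```powershell
# Added example. Assumed paths: install media at D:\setup.exe and a password-free
# C:\Install\ConfigurationFile.ini holding ACTION, QUIET, SECURITYMODE=SQL, accounts, etc.
param(
    [string]$SetupExe   = 'D:\setup.exe',
    [string]$ConfigFile = 'C:\Install\ConfigurationFile.ini'
)

$secretKeys = 'SAPWD', 'SQLSVCPASSWORD', 'AGTSVCPASSWORD'

# Refuse to run if a password key has crept into the shared configuration file.
$pattern = '^\s*(' + ($secretKeys -join '|') + ')\s*='
$leaks = Select-String -Path $ConfigFile -Pattern $pattern
if ($leaks) {
    $lines = ($leaks | ForEach-Object { $_.LineNumber }) -join ', '
    throw "Password keys found in ${ConfigFile} on line(s) $lines"
}

# Convert a SecureString to plain text and zero the unmanaged copy afterwards.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try     { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

try {
    $setupArgs = @("/ConfigurationFile=`"$ConfigFile`"")
    foreach ($key in $secretKeys) {
        # Prompt without echoing; the value never touches disk.
        $plain = ConvertTo-PlainText (Read-Host "Value for /$key" -AsSecureString)
        # A double quote or trailing backslash would break the quoting below.
        if ($plain -match '"|\\$') {
            throw "/$key contains a double quote or ends with a backslash"
        }
        $setupArgs += "/$key=`"$plain`""
    }

    $proc = Start-Process -FilePath $SetupExe -ArgumentList $setupArgs -Wait -PassThru
    # 3010 = success, reboot required.
    if (0, 3010 -notcontains $proc.ExitCode) {
        throw "setup.exe exited with code $($proc.ExitCode)"
    }
}
finally {
    # Drop the plaintext copies held by this session.
    Remove-Variable setupArgs, plain -ErrorAction SilentlyContinue
}
```

The passwords are still part of the setup.exe command line while it runs, so anything on the host that records process command lines (process listings, process-creation auditing with command-line capture) can see them; run this from a restricted administrative session and check what such auditing retains.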