SQL Server silent installation - problem with cleartext passwords

  • Hi,

    We are planning to install SQL 2008 on over a large number of servers using the silent installation technique.

    1. Since we are using mixed authentication, we need to specify a password for the SA account. We would have to specify it in the config file for silent install.

    2. The account used to start SQL Server & SQL Server Agent service is a local windows account and its the same across all servers. I believe we will have to specify it in config file.

    Specifying above passwords in a cleartext config file would be a security issue. Is there any way to store these passwords in an encrypted format?

    Thanks,

    Akshay.

  • Even if you do mixed mode, it isa good idea to eventually disable sa.

    So after the fact you could:

    1. create another sql login with sysadmin, whose pwd is stored in your passwrod vault. 2. disable sa.

    This could be done centrally against many servers via a powershell script (enter password interactively).

  • The best 'workround' I can think of would be to create a command file that passes the passwords at execution time, instead of storing them in a configuration file.

    This would allow you to encrypt the command file, while leaving the rest of the install media unencrypted and without any sensitive information.

    It should be possible for the owner of the encrypted command file to run the command within it, without non-authorised people able to see its contents.

    Once the passwords have been passed to the SQL install process they are held in memory, and any time a password needs to be printed it is shown as a fixed number of *.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply