Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Changing SQL Server Passwords Expand / Collapse
Author
Message
Posted Monday, February 14, 2005 3:47 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Monday, February 14, 2005 3:36 PM
Points: 2, Visits: 1
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/orcsweb/changingsqlserverpasswords.asp
Post #161575
Posted Thursday, February 17, 2005 12:29 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, April 28, 2014 6:11 AM
Points: 223, Visits: 139

To my knowledge a strong password, which is proteced against even freeware password breaker software should be at least 15 characters long and actually there is not much advantage if uppercase and lowercase characters are mixed with special characters in pw:s. So I think this should be mentioned currently every time passwords are an issue.




Post #162262
Posted Thursday, February 17, 2005 8:50 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, September 6, 2005 10:53 AM
Points: 107, Visits: 1

Why not use NT Authentication?
That would let you use all the current enterprise tools for maintaining and controlling passwords (such as expiration, min length, etc).

Yes, you need to manage the passwords that unattended applications use (user applications can just login as the user), but you'd have to do that anyway with SQLAuth.

Jtango brings up a good point -- it's much better to use a long pass-phrase (or even sentence) than a short one.  If your password is < 14 letters, there is the chance that windows will accept a NTLM hash (which is completely dicionaried; given the hash [the part that is sent over the network], they can just look-up a valid password for that hash).  Though I'm not sure what effect the "word<sp>word<sp>word" pattern or the generally low-entropy-per-length has on the hash value.




Post #162408
Posted Thursday, February 17, 2005 9:23 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Friday, June 6, 2014 2:06 PM
Points: 1,040, Visits: 277

Not all users of SQL Server, that use SQL Server Authentication have Query Analyzer installed on there desktop.  The kind of users I am referring to our the ones that typically use applications only from an end-user perspective.

Now, if you are using SQL Server Authentication for end-users, and you do feel strongly about requiring the users to do the following you might consider this. 

 

1) Build a web front end that executes a stored procedure that allows users to change there password.  The stored procedure would be the one executing sp_password. This stored procedure would also log into a password change table every time the user changed there password.  This stored procedure can also enforce your strong password requirements.

2) Every time someone goes through your application to logon to SQL Server you check the password change table to see when they last changed their password.  If they haven't change it in say 90 days (your threshold for when a user need to change their password) then you bring up the password change web page and make them change there password before they get into the system.

 



Gregory A. Larsen, MVP

Need SQL Server Examples check out my website at http://www.sqlserverexamples.com
Post #162422
Posted Saturday, July 18, 2009 4:17 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Monday, July 20, 2009 1:29 AM
Points: 36, Visits: 4
hi all,
While one can change the password from enterprise manger why is it that the password is not retain and system reset it to some default value.

I have changed the sa password through osql utility but the same steps failed when i changed the the user i have created since the password gets reset by the system.
Post #755262
Posted Saturday, July 18, 2009 10:21 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 8:26 AM
Points: 33,191, Visits: 15,331
It's not clear what you are asking or what you did. Please provide more details about what happened, and what commands you ran.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #755314
Posted Tuesday, August 31, 2010 12:34 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Friday, September 24, 2010 11:51 PM
Points: 10, Visits: 34
Change SQL Server Password by Windows Authentication

If Builtin/Administrator is present in SQL Server, you can login with an ID which is member of Administrators group and change sa password in SQL Server. Just do as follows:
1. Login into SQL server using Windows Authentication.
2. In Object Explorer, open Security folder, open Logins folder. Right Click on sa account and go to Properties.
3. Type a new SQL sa password, and confirm it. Click OK to finish.
After restarting SQL Server and all its servers, you can log into SQL Server by sa login with new SQL sa password.
Post #977710
Posted Friday, February 25, 2011 2:11 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, August 25, 2014 12:56 PM
Points: 172, Visits: 327
Can you please provide the step to create web application
Post #1069863
Posted Friday, February 25, 2011 2:11 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, August 25, 2014 12:56 PM
Points: 172, Visits: 327
Can you please provide the step to create web front end
Post #1069864
Posted Wednesday, April 24, 2013 10:28 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, April 24, 2013 10:23 PM
Points: 1, Visits: 0
Here is another way to change SQL Server password: Open the SQL Server Management Studio.Open a New Query.Copy, paste, and execute the following:

GO
ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword' MUST_CHANGE
GO

where NewPassword is the password you wish to use for the sa account.
Post #1446282
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse