SQLServerCentral
Password policy for system logins
Casper101
Hi,
I would like to hear your opinion on password policy for system accounts. (not the service accounts)
For our staff members who have access to SQL, we have the standard policy in place with regards to complexity and in our case,
they have to change their passwords every 90 days. (Until we move onto a domain, where I will rather use domain accounts).
But what about the SQL logins for our front-end systems that connect to SQL? (our websites, applications, etc). Yes we have the complexity of the password in place,
but what about expiration? Should these passwords also expire and be changed, and more importantly, how often?
I don't believe it should also be 90 days like our staff logins....
Thom A
If the account is being used by an application, website, etc., then they are service accounts, not System Accounts. Generally, service account passwords aren't set to expire; otherwise, when they do, things can fall over unless you have a very robust system that can automatically change all the references to that password in the right places, at the right time. With Service Accounts, you need to endeavour that the account only has access to do what it's allowed to/should do, and just that. On a website, this might mean that the account only has access to run Stored Procedures; anything else after that is inherited.
For your System Administrators, then yes, expiry is a good practice. A lot of places as well have it so that System Administrators have 2 accounts. 1 for day to day, and a second which has sysadmin privs. This means that they can't "accidentally" do something they normally could as an SA but also, should their normal account be compromised, the other is not.
Thom~
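The split described in the reply above, written out in T-SQL as an added example (not code posted by anyone in the thread): an application login with complexity enforced but no expiry and EXECUTE-only rights, staff logins that do expire with sysadmin held by a separate login, and an audit query over `sys.sql_logins`. All login, user, role, schema and database names are hypothetical, and the passwords are placeholders.

```sql
-- Added example. Login, user, role, schema and database names are hypothetical.
-- Passwords are placeholders: generate real ones and keep them in a secret store.

-- Application (service) login: the Windows complexity rules apply, but there is
-- no expiry, so the front end does not fail when a password-age limit is reached.
CREATE LOGIN [web_app_login]
    WITH PASSWORD = N'<generated-secret-1>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = OFF;

-- Staff: a day-to-day login and a separate sysadmin login, both expiring.
-- The maximum age (for example 90 days) is taken from the Windows password
-- policy of the host, not from a SQL Server setting.
CREATE LOGIN [jane_daily]
    WITH PASSWORD = N'<generated-secret-2>' MUST_CHANGE,
         CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
CREATE LOGIN [jane_admin]
    WITH PASSWORD = N'<generated-secret-3>' MUST_CHANGE,
         CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
ALTER SERVER ROLE [sysadmin] ADD MEMBER [jane_admin];
GO

-- Least privilege for the application: EXECUTE on one schema of procedures only.
USE [AppDb];   -- assumed to exist, with its stored procedures in schema [app]
GO
CREATE USER [web_app_user] FOR LOGIN [web_app_login];
CREATE ROLE [app_exec];
GRANT EXECUTE ON SCHEMA::[app] TO [app_exec];
ALTER ROLE [app_exec] ADD MEMBER [web_app_user];
GO

-- Audit: which SQL logins enforce policy and expiry, and which hold sysadmin.
-- A login with is_policy_checked = 0, or a sysadmin login with
-- is_expiration_checked = 0, deviates from the split set up above.
SELECT  name,
        is_disabled,
        is_policy_checked,
        is_expiration_checked,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration,
        IS_SRVROLEMEMBER('sysadmin', name)         AS is_sysadmin
FROM    sys.sql_logins
WHERE   name NOT LIKE '##%'          -- skip internal certificate-based logins
ORDER BY is_sysadmin DESC, name;
```

With expiry off, the application password only changes when someone runs `ALTER LOGIN ... WITH PASSWORD` and updates the connection strings in the same change; `password_last_set` in the audit output shows how long ago that last happened.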
Alexander Zhang
Interesting. My confusion is, what the system logins are. Generally, I consider them some built-in logins such as sa, NT SERVICE\xxx, etc.
In the company I'm working for, Service Account means the account which is used by MSSQL Services, and Application Accounts are for applications (such as Website and other applications).
GASQL.com - Focus on Database and Cloud
Davis H
My guess is the reference is to machine accounts. Created on the "system". i.e. MYSERVER\MYUSER
Sue_H
In reply to Alexander Zhang - Monday, February 12, 2018 8:50 AM:
The user was asking about system accounts (not logins) and then asked about SQL logins. Two very different things that Thom explained well.
NT SERVICE\xxx - those are generally virtual accounts, not built in logins. Virtual accounts explained in this documentation:
Configure Windows Service Accounts and Permissions
Sue
Alexander Zhang
In reply to Sue_H - Monday, February 12, 2018 12:40 PM:
Thanks for your explanation and correction. Glad to learn something:-)
GASQL.com - Focus on Database and Cloud
Sue_H
In reply to Alexander Zhang - Wednesday, February 14, 2018 1:26 PM:
It doesn't help that they keep modifying things with the accounts and how MS implements it on just about every release.
It's all good though, gets more secure on every change. It's just hard to remember which version uses what.
Sue