SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL Server silent installation - problem with cleartext passwords


SQL Server silent installation - problem with cleartext passwords

Author
Message
akshay.pawar123
akshay.pawar123
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 245
Hi,
We are planning to install SQL 2008 on over a large number of servers using the silent installation technique.
1. Since we are using mixed authentication, we need to specify a password for the SA account. We would have to specify it in the config file for silent install.
2. The account used to start SQL Server & SQL Server Agent service is a local windows account and its the same across all servers. I believe we will have to specify it in config file.

Specifying above passwords in a cleartext config file would be a security issue. Is there any way to store these passwords in an encrypted format?

Thanks,
Akshay.
arnipetursson
arnipetursson
Mr or Mrs. 500
Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)Mr or Mrs. 500 (521 reputation)

Group: General Forum Members
Points: 521 Visits: 1019
Even if you do mixed mode, it isa good idea to eventually disable sa.
So after the fact you could:
1. create another sql login with sysadmin, whose pwd is stored in your passwrod vault.\
2. disable sa.

This could be done centrally against many servers via a powershell script (enter password interactively).
EdVassie
EdVassie
SSCertifiable
SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)SSCertifiable (5.7K reputation)

Group: General Forum Members
Points: 5749 Visits: 3860
The best 'workround' I can think of would be to create a command file that passes the passwords at execution time, instead of storing them in a configuration file.

This would allow you to encrypt the command file, while leaving the rest of the install media unencrypted and without any sensitive information.

It should be possible for the owner of the encrypted command file to run the command within it, without non-authorised people able to see its contents.

Once the passwords have been passed to the SQL install process they are held in memory, and any time a password needs to be printed it is shown as a fixed number of *.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search