SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Changing SQL Server Passwords


Changing SQL Server Passwords

Author
Message
OrcsWeb
OrcsWeb
Grasshopper
Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)Grasshopper (12 reputation)

Group: General Forum Members
Points: 12 Visits: 1
Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/orcsweb/changingsqlserverpasswords.asp
jtango
jtango
SSC Veteran
SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)SSC Veteran (243 reputation)

Group: General Forum Members
Points: 243 Visits: 156

To my knowledge a strong password, which is proteced against even freeware password breaker software should be at least 15 characters long and actually there is not much advantage if uppercase and lowercase characters are mixed with special characters in pw:s. So I think this should be mentioned currently every time passwords are an issue.





thormj
thormj
SSC-Enthusiastic
SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)SSC-Enthusiastic (143 reputation)

Group: General Forum Members
Points: 143 Visits: 1

Why not use NT Authentication?
That would let you use all the current enterprise tools for maintaining and controlling passwords (such as expiration, min length, etc).

Yes, you need to manage the passwords that unattended applications use (user applications can just login as the user), but you'd have to do that anyway with SQLAuth.

Jtango brings up a good point -- it's much better to use a long pass-phrase (or even sentence) than a short one. If your password is < 14 letters, there is the chance that windows will accept a NTLM hash (which is completely dicionaried; given the hash [the part that is sent over the network], they can just look-up a valid password for that hash). Though I'm not sure what effect the "word<sp>word<sp>word" pattern or the generally low-entropy-per-length has on the hash value.





Greg Larsen
Greg Larsen
SSCommitted
SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)

Group: General Forum Members
Points: 1693 Visits: 290

Not all users of SQL Server, that use SQL Server Authentication have Query Analyzer installed on there desktop. The kind of users I am referring to our the ones that typically use applications only from an end-user perspective.

Now, if you are using SQL Server Authentication for end-users, and you do feel strongly about requiring the users to do the following you might consider this.

1) Build a web front end that executes a stored procedure that allows users to change there password. The stored procedure would be the one executing sp_password. This stored procedure would also log into a password change table every time the user changed there password. This stored procedure can also enforce your strong password requirements.

2) Every time someone goes through your application to logon to SQL Server you check the password change table to see when they last changed their password. If they haven't change it in say 90 days (your threshold for when a user need to change their password) then you bring up the password change web page and make them change there password before they get into the system.



Gregory A. Larsen, MVP
mtshpandey
mtshpandey
SSC Rookie
SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)SSC Rookie (44 reputation)

Group: General Forum Members
Points: 44 Visits: 4
hi all,
While one can change the password from enterprise manger why is it that the password is not retain and system reset it to some default value.

I have changed the sa password through osql utility but the same steps failed when i changed the the user i have created since the password gets reset by the system.
Steve Jones
Steve Jones
SSC Guru
SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)

Group: Administrators
Points: 63701 Visits: 19116
It's not clear what you are asking or what you did. Please provide more details about what happened, and what commands you ran.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
yitiana
yitiana
Grasshopper
Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)Grasshopper (24 reputation)

Group: General Forum Members
Points: 24 Visits: 34
Change SQL Server Password by Windows Authentication

If Builtin/Administrator is present in SQL Server, you can login with an ID which is member of Administrators group and change sa password in SQL Server. Just do as follows:
1. Login into SQL server using Windows Authentication.
2. In Object Explorer, open Security folder, open Logins folder. Right Click on sa account and go to Properties.
3. Type a new SQL sa password, and confirm it. Click OK to finish.
After restarting SQL Server and all its servers, you can log into SQL Server by sa login with new SQL sa password.
barotsmruti
barotsmruti
SSC-Enthusiastic
SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)

Group: General Forum Members
Points: 193 Visits: 561
Can you please provide the step to create web application
barotsmruti
barotsmruti
SSC-Enthusiastic
SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)SSC-Enthusiastic (193 reputation)

Group: General Forum Members
Points: 193 Visits: 561
Can you please provide the step to create web front end
johnowacki
johnowacki
Forum Newbie
Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)Forum Newbie (9 reputation)

Group: General Forum Members
Points: 9 Visits: 0
Here is another way to change SQL Server password: Open the SQL Server Management Studio.Open a New Query.Copy, paste, and execute the following:

GO
ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword' MUST_CHANGE
GO

where NewPassword is the password you wish to use for the sa account.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search