Changing Credentials

  • Rechana Rajan

    SSCertifiable

    Points: 7669

    Dear Experts,

    Our security team wants to change all passwords of service accounts and application accounts (SQL). Is it really advisable to do so? Is there any way to analyze the impact of this change?

    Thanks in Advance.

  • Michael L John

    One Orange Chip

    Points: 25754

    Sure, it's advisable.

    I'm assuming that the reason for this is because the users and passwords have slowly got out to the people who shouldn't have them, or they do not have the usernames and passwords stored anyplace?

    How many servers?

    I suggest that your company invests in a password manager program, if they do not have one, and be very strict in its use.

    Also, I suggest you look into Managed Service Accounts.

    https://blogs.technet.microsoft.com/askds/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting/

    Michael L John
    If you assassinate a DBA, would you pull a trigger?
    To properly post on a forum:
    http://www.sqlservercentral.com/articles/61537/

  • Rechana Rajan

    SSCertifiable

    Points: 7669

    Michael L John wrote:

    Sure, it's advisable.

    I'm assuming that the reason for this is because the users and passwords have slowly got out to the people who shouldn't have them, or they do not have the usernames and passwords stored anyplace?

    How many servers?

    I suggest that your company invests in a password manager program, if they do not have one, and be very strict in its use.

    Also, I suggest you look into Managed Service Accounts.

    https://blogs.technet.microsoft.com/askds/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting/

    Thanks Michael, both the reasons you mentioned are valid for SQL Accounts but Service Account and Admin Accounts are strictly with DBAs and Windows Admins.

    Thanks for suggestions. Will look into those options.

  • Jeff Moden

    SSC Guru

    Points: 994647

    Rechana Rajan wrote:

    Thanks Michael, both the reasons you mentioned are valid for SQL Accounts but Service Account and Admin Accounts are strictly with DBAs and Windows Admins.

    If you're sharing the passwords for those accounts across multiple people, I suggest you stop that practice because there's no accountability that way.  Yes, there are service accounts, but they should not be used by individuals.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think it's expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."
    When you put the right degree of spin on it, the number 3|8 is also a glyph that describes the nature of a DBAs job. 😉

    Helpful Links:
    How to post code problems
    Create a Tally Function (fnTally)
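
On the original question of analyzing the impact before rotating passwords: the queries below are an added example, not code from any poster in this thread. They inventory, per SQL Server instance, where SQL logins and service accounts are in use. They assume a login with VIEW SERVER STATE permission and read only standard catalog views and DMVs.

```sql
-- 1) SQL-authenticated logins: password age and policy settings.
SELECT  sl.name,
        sl.is_disabled,
        sl.is_policy_checked,
        sl.is_expiration_checked,
        LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set,
        sl.modify_date
FROM    sys.sql_logins AS sl
WHERE   sl.name NOT LIKE '##%'          -- skip internal system logins
ORDER BY password_last_set;

-- 2) Current consumers of each login: which host and program connect with it.
--    Every row is a client whose stored password must change with the login.
SELECT  s.login_name,
        s.host_name,
        s.program_name,
        COUNT(*)          AS session_count,
        MAX(s.login_time) AS most_recent_login
FROM    sys.dm_exec_sessions AS s
WHERE   s.is_user_process = 1
GROUP BY s.login_name, s.host_name, s.program_name
ORDER BY s.login_name, session_count DESC;

-- 3) Windows accounts the SQL Server services on this instance run under.
SELECT  servicename, service_account, startup_type_desc, status_desc
FROM    sys.dm_server_services;

-- 4) Places on the instance where an account name and password are stored:
--    server-level credentials and linked-server login mappings.
SELECT  name, credential_identity, modify_date
FROM    sys.credentials;

SELECT  srv.name AS linked_server, srv.data_source, ll.remote_name
FROM    sys.servers AS srv
JOIN    sys.linked_logins AS ll ON ll.server_id = srv.server_id
WHERE   srv.is_linked = 1
  AND   ll.uses_self_credential = 0;    -- mappings that store a remote login
```

Query 2 is a point-in-time snapshot, so accounts used only by scheduled or monthly jobs will not appear unless it is sampled repeatedly over a full business cycle.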
