August 30, 2006 at 11:51 pm
Hi Guys,
I've just been handed over a sql server, that has lots of DTS's on it. The guys who build it, and use it on a daily basis have created an "ini" files (and config files on the application servers) that contains the user id and password for all the accounts that are used to do any type of scheduled job or other jobs.
To me, this is a huge security risk. I perfer to run all the DTS jobs with the userid and password hidden within the task itself. I need to make a business case againse these developers who set up and developed their applications like this.
What do you think? Any comments.
Thanks heaps in advance.
Regards,
TK
August 31, 2006 at 2:57 am
The risk is there and it’s obvious. The risk level it will depend on the permission level of each of those accounts to run DTSs.
To lower the risk you may use encrypted batch files to run the DTSs with the dtsrun instruction on it.
The best would be creating domain accounts to run/edit/schedule the DTSs and also create a DTS role under msdb database giving permission to those accounts.
Feel free to contact me,
PaL
email:pal_soft@hotmail.com
www: will be available soon
August 31, 2006 at 3:02 am
Thanks Paul. I would really appreciate if you could show me a sample encrypted batch file with the DTSRun command.
Also, does that mean that the SQL server agent schedular can't be used to schedule the job any more?
September 5, 2006 at 8:36 am
Look up the topic "dtsrun Utility" in Books Online for details of how to encrypt the parameter string, and much more.
You can still schedule through SQL Server - make sure you choose Operating System Command as the Type when you add the job step with dtsrun in it.
John
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply