I would like to perform an audit of weak passwords, which is well documented for sql users. Using the same methodology, I should be able to audit weak passwords for contained users. To accomplish this, I must be able to find the location of the password hashes for the contained users.
I have looked at sys.syslogins and sys.sql_logins, which both have the password hash for server level users, but not contained users. I was able to find sys.sysusers, which does contain contained users, but no password hash.
What is the location of the password hashes for contained users?
Where is located the hash password for the contained database users?I have a script that prints all creating statement so that a Dev environment security can be reapply after a prod data refresh but I can't find the table containing the hash password when the user is "with login" for contained database.
It seems like there is no built in procedure for making a password hash inSQL2000. Am I wrong.Do I have to make it from scratch myself or is there samples out there?/Jens Ulrik
As far as I know temp tables/objects will be created inside the default filegroup of the partially contained database and not in tempdb. Is it possible to either define a set of files dedicated to temp objects or define a second partially contained database dedicated to temp objects like tempdb?
I have a specific variation on the standard 'Column Invalid' question: I have this query that works fine:
SELECT vd.Question , csq.Q# , csq.Q_Sort , csq.Q_SubSort , AVG(CAST(vd.Response AS FLOAT)) AS AvgC , vd.RType
[Code] ....
When I add this second average column like this:
SELECT vd.Question , csq.Q# , csq.Q_Sort , csq.Q_SubSort , AVG(CAST(vd.Response AS FLOAT)) AS AvgC ,
[Code] ....
I get the error: Column 'dbo.vwData.Response' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
Clearly things are in the right place before the change, so I can only assume that the OVER clause is my problem. Is this just not possible?
Here what I want to accomplish, I have table that has 15 column one of the columns is ClientID that is about max 45char. I want to be able to hash on the column and return the hash value in a new column call ClientID_Hash. Is this possible?
When I have a record that I copy and paste (Access 2010 datasheet view) into a new record with one column having a unique constraint , I display message "Cannot insert duplicate code" then if not all values in the record are inserted , I get a #deleted in all columns Refreshing , I find that the id is incremented by 2 instead of one.
That is if the previous record has ID 20 , the #deleted record has ID 22 .
avoid the #deleted which happens if not all columns are filled.
Ideally, I'd like to have the reports use windows authentication, ie grab current user/password so long as user does not have to enter it manually. If that is not possible, then how do I make it so user does not have to enter this info manually? My theory is that I have IIS set up incorrectly for doing this, but I'm not familiar enough with either reporting services or IIS to find out.
Hi. I have a DetailsView with Bound Fields "Login" and "Password". This informations are stored in SQL database. How to solve such authorization? How to compare password stored in database against passowrd typed by user? Is this a good idea to use CustomValidator control to write some checking procedure?. Regards. Pawel.
I log in as myself using Windows authentication, and I'm in the sysadmin role, and this is within a dev instance running on my PC. I execute:
USE [master] GO ALTER LOGIN [sa] WITH PASSWORD=N'newpassword' GO
It's runs without error, but when I try to login with the 'sa' account to the same database using SQL Server authentication within SSMS, I get the following error: Login failed for user 'sa'. (Microsoft SQL Server, Error: 18456)
I can print out the error stack if you think it adds something, but I'm guessing that there's something happening here that's obvious to a SQL Server DBA admin.
We are in the process of deploying security software that will change AD service accounts automatically every 90 days. I was wondering if changing the password on accounts used for SSRS certificates will break the certs? Are there any other gotchas we should be concerned about with automated password changes in SQL?
3rd party company set up SQL 2008 R2 SP1(awhile ago, years), they disabled SA no other logon was created with Admin rights, Database is Mixed Mode, never had a DBA. the database is from a Transactional system. Now comes me. I need to set up backups, maintenance etc..
I have been provided System AdminLocal Admin rights on the Server. The Server has been set up like a Domain Controller. I have tried all of the command line options that I know and I can find. I have not been able to get any to work, they all fail login to SQL. Before I take the route of reinstalling SQL on the server I want to make sure I haven't missed any thing, especially since this is a 100% production environment with 3rd party processes and applications attached that are not documented or supported. (nightmare)
I would prefer a cmdline or PowerShell script (ps2).I figure that the holiday is coming up so whatever I will end up needing to do I will be able to complete over the holiday weekend when it is down.
One set I tried as "run as Admin" SQLServr.Exe –m SQLCMD –S <Server_NameInstance_Name> CREATE LOGIN ‘<Login_Name>’ with PASSWORD=’<Password>’ GO SP_ADDSRVROLEMEMBER '<Login_Name>','SYSADMIN'
I should point out the rest of our environments are SQL 2012
We build up a new website in .net mvc 4.0 on a w2012 server with MSSQL 2012 database.We use windows autentification and normal anonymous access through NT AUTHORITYIUSR who is also a login in the database.But we make extra login possibility for users who are registered and they can insert and modify data in some tables in the database. And I'am afraid of giving NT AUTHORITYIUSR insert and update for some column in tables.I think of set up a new login for the database. Run a new connection string on login and set up special permission for that extra user on the database, and let the user become a member of the ordinary user on the database.
I have a table of users including: UserName, Password (comuted col), FirstName, LastName, Address and other details....
I have to keep 10 Recent passwords , so I created another table "ut_Password " (Table2)
This table contains the following columns : Username, Password , and Password_Date.
I searched a lot but could not find something similar in my opinion need SP for it.
- 10 row Max for Password History in table 2 - when user change password it's need to be uniqe and it should not appear last 10 passwords - Each user can have a maximum of 10 lines containing history password table - Most old password deleted and replaced with a new password will enter the correct date (FIFO method first in first out).
I need to give the below script which contains CREATE CREDENTIAL query to an app team.
CREATE CREDENTIAL crdntl WITH IDENTITY = '<service_acct>', SECRET = '<pwd>' GO
My concern is i don't want the password to be visible. Basically i want to use this credential to create a proxy which is then used to run SQL Agent backupjob on number of SQL servers. Also, i cannot leave the SECRET value as blank (as the MSDN suggests.)
Is there any way to mask the password OR any other alternative solution.
I am migrating a database TESTDB from SQL 2008R2 to a new server running SQL Server 2012.
Management has decided the current sql users should have "better" user names. So the login and username "BadUsername" on the old server should be called "GoodUserName". Goodusername should have the same permissions as Badusername.
I have now restored a backup from the old server to the new server.
I used the following script for creating the login:
CREATE LOGIN [GoodUserName] WITH PASSWORD=N'difficultpassword', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF GO
Then I run the following script:
ALTER USER Badusername WITH LOGIN = GoodUserName, NAME = GoodUserName
But the results are not what I wanted. I now have two database users: Badusername and GoodUserName. I would have preferred if BadUserName was "replaced" by GoodUserName, but it won't be a problem if I have to delete badusername manually. Worser is that GoodUserName have NOT "inherited" any permissions from Badusername.
Is there an easy way to transfer permissions or do I need to loop through the permissions of badusername and apply those to badusername?
I have been using the software, and it has been working fine (on windows user A). Now, I have created another windows user (User B), and would like to use the same software/database. The software launches fine (User B), but cannot access the created SQL database (created with user A)
How do I setup the database to allow access from all users on the same PC?
I am trying to clean up security. When I check tables in a specific database I see a list of users with select access. There are 1000+ tables in the database. I know I can do 'revoke select on table_name to user_name' ....
I have a large table with email column. I need to grant select access to this email column to many users but the actual email should not be visible to those users. I thought of following options:
1.Create an indexed view with that column encrypted and then grant access to users.While searching by email, their search text will also be encrypted and then matched with view column.Problem with this is that I have to create indexed view because most searches will be on Email column and table size is pretty big,20 m records. I don't prefer indexed view in general.
2. Add another column to table with encrypted email and grant access to that column to users. Problem with this is that it will increase table size and i'll need one more index.
I regularly (every month or so) get the error "The target principle name is incorrect. Cannot generate SSPI context" when trying to remotely connect to my SQL 2012 instance. The SQL service is running using a managed service account. I understand this error can occur when the service account cannot authenticate with AD properly. Looking at the properties of the managed service account, the password for the account was automatically changed this morning - just when the error started.
In my project source is Oracle and I am using ODBC to connect oracle for lading.I have create 2 project parameter for connection string one for connection and another for password..when I am making expression on ODBC connection it is showing error like below I can't establish a connection because our legacy driver doesn't support 'Password' as a connection string attribute.
when I am passing expression like @[$Package::V_Constring]+ "PWD=faster1" on odbc connection it working fine.
When I use just the ConnectionString property on the ODBC connection manager and use a 'pwd' attribute; all is well. E.g., "uid=<user>;pwd=<password>;Dsn=<dsn name>;". But as soon as I flip the sensitive attribute, I'm getting the classic error:
The expression will not be evaluated because it contains sensitive parameter variable..The sensitive parameter is desired, of course. I don't want the password in the clear.
I created a SSRS Reports in SQL Server 2012 and deployed in server, I want this report to be accessed by one particular User created in that hosted server and any time if user hits the Report URL it asked for login Prompt.Suppose if I create a Windows User "ReportUser" in report server , I want when user hits the URL he should be able to access the report by providing the 'ReportUser" credentials.
