SQL 2012 :: Create Credential With Password Masking
Sep 19, 2014
I need to give the below script which contains CREATE CREDENTIAL query to an app team.
CREATE CREDENTIAL crdntl WITH IDENTITY = '<service_acct>',
SECRET = '<pwd>'
GO
My concern is i don't want the password to be visible. Basically i want to use this credential to create a proxy which is then used to run SQL Agent backupjob on number of SQL servers. Also, i cannot leave the SECRET value as blank (as the MSDN suggests.)
Is there any way to mask the password OR any other alternative solution.
Looking for opinions here on what is the best way to programmatically test that a password change to a credential has occurred successfully.
The password change was made using Alter Credential, and I can see in sys.credentials that the credential was updated by the tool that handles these updates. I would just like to be able to confirm that all of the credential updates were successful (in other words, they authenticate correctly) before anything starts to fail.
Assume that the number of SQL Servers is too great to manually check them even if the whole team worked on it together.
I have designed a form and created two parameter fields to accept username and password from the user. Based on the values entered above, I am validating inside a stored procedure. I am unable to mask the text the user enters in the password field. I could not locate any mask property. Anybody can help me?
Due to a previous (mis)configuration, i need to grant readwrite permission on a share from a MSSQL DB User.The SQL user will launch t-sql queries on demand and they cannot be scheduled.
I've created a credential object in SSMS, configured it with the correct AD user and mapped it to the MSSQL DB user.Now, if i execute a simple t-sql backup:
BACKUP DATABASE [DB] TO DISK = N'IP.ADD.RE.SSshareDB.bak' WITH NOFORMAT, NOINIT, NAME = N'DB-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10 GO
I get an access denied error, monitoring the sqlserv.exe process via procmon, i see that the Sql Server process is not impersonating the AD user configured in the credential, it still try to access using the local machine account .
We are running SQL Server 2012 on Windows 2008 Server. I created a credential with a proxy account. In creating the credential, it asked for an Indentity and Secret. I used my windows login and password. Now, I have tested the credential and proxy account by executing a Job which calls a SSIS Package. What is the 'best practice' to use when creating a credential? Should the credential be created with another windows login, created with the same abilities as my windows login, with a non-expiring password? Should that new windows login be used as the owner of my job with the Agent?
In a previous answer about beginning to use SQL Server 2005 Studio you say "Mention your Instance name /user name and password to connect to the server. "
Please advise where I should go to creat the instance name and password. It appears my Studio is running but I have not been asked for an "Instance Name" or password. What, exactly, does instance name mean and how can I tell if I have everything installed correctly? Thank you.
Hello! I can't figure it out how to create a database with an username and a password. I'm using Visual Studio 2005 and Microsoft SQL Server 2005. Can someone help me out? Greetings,Persyn Bert.
Hi, I am using the sql server for creating the database. I want to create the database which is having userid and password. This I require since I wanted to restrict acces to database and also only authorise user to database can use the userid and password created at time of creation of database. So how can I create the database which is having userid and password?
Hello, Could anybody explain: is following supposed to work:
CREATE LOGIN test
WITH PASSWORD=0xF1E9E5CA9A79F7B5D883FA4D9680ED1D4D9AAB12 HASHED,
CHECK_POLICY = OFF; GO
where
0xF1E9E5CA9A79F7B5D883FA4D9680ED1D4D9AAB12 result of
SELECT HASHBYTES ('SHA1','$Test123#')
execution of 'create login' results in following error
Msg 15021, Level 16, State 2, Line 1
Invalid value given for parameter PASSWORD. Specify a valid parameter value.
Interesting enough is that if I use MD5 the hash is 8 bytes shorter and create login works but actual login procedure does not. And if I just use plain text password without HASHED everything works.
This is on sqlexpress 2005 sp2. Is this specific to express version? I've noticed that realatively old SQL BO 2005 states that hashed password should be passed as literal in single quotations ' *** ' (and it does not work) and msdn online states that in case of HASHED hexadecimal value should be passed without single quotations, anyway does not work either ...
I have installed Visual Web Developer Express 2005 with Sql Server Express, I can login with window authentication, but I want to create different user and password that I can use to access a database I have created, can anybody help me how to do this ? Thanks.
Is it possible to create a new user name and password in a mail server with SQL or SQL only can create a new profile with a new username and password which has been created before in a mail server?
If it is not possible with SQL how can I do that? or should I use a diffrent mail server software(Now I'm useing windows 2003 mail server)
is there any way to create a username and password in a mail server with c#? mail server is mine
I log in as myself using Windows authentication, and I'm in the sysadmin role, and this is within a dev instance running on my PC. I execute:
USE [master] GO ALTER LOGIN [sa] WITH PASSWORD=N'newpassword' GO
It's runs without error, but when I try to login with the 'sa' account to the same database using SQL Server authentication within SSMS, I get the following error: Login failed for user 'sa'. (Microsoft SQL Server, Error: 18456)
I can print out the error stack if you think it adds something, but I'm guessing that there's something happening here that's obvious to a SQL Server DBA admin.
We are in the process of deploying security software that will change AD service accounts automatically every 90 days. I was wondering if changing the password on accounts used for SSRS certificates will break the certs? Are there any other gotchas we should be concerned about with automated password changes in SQL?
BOL is very terse on the subject of creating a login with a hashed password. I need to store a script file with a create login for a sql server login, and I don't want the password as plain text. Here is what I've tried:
Code Snippet
declare @input nchar(5), @output varbinary(8000)
set @input = N'A123b'
select @output = hashbytes('sha1', @input)
select @output
create login test with password = '0x22A9EA652CFC38938D56A9C3872B266B192D16D9' hashed
go
This returns the error:
Msg 15021, Level 16, State 2, Line 1
Invalid value given for parameter PASSWORD. Specify a valid parameter value.
Can anybody provide a working example? Am I way off base on the usage of this functionality?
3rd party company set up SQL 2008 R2 SP1(awhile ago, years), they disabled SA no other logon was created with Admin rights, Database is Mixed Mode, never had a DBA. the database is from a Transactional system. Now comes me. I need to set up backups, maintenance etc..
I have been provided System AdminLocal Admin rights on the Server. The Server has been set up like a Domain Controller. I have tried all of the command line options that I know and I can find. I have not been able to get any to work, they all fail login to SQL. Before I take the route of reinstalling SQL on the server I want to make sure I haven't missed any thing, especially since this is a 100% production environment with 3rd party processes and applications attached that are not documented or supported. (nightmare)
I would prefer a cmdline or PowerShell script (ps2).I figure that the holiday is coming up so whatever I will end up needing to do I will be able to complete over the holiday weekend when it is down.
One set I tried as "run as Admin" SQLServr.Exe –m SQLCMD –S <Server_NameInstance_Name> CREATE LOGIN ‘<Login_Name>’ with PASSWORD=’<Password>’ GO SP_ADDSRVROLEMEMBER '<Login_Name>','SYSADMIN'
I should point out the rest of our environments are SQL 2012
My PC is Window XP Pro and I'm using Microsoft SQL Server 2005 Express and Microsoft SQL Server Management Studio Express. My question is how to create a login userid and password under "SQL Server Authentication"? (as shown in http://www.findingsteve.net/print_screen.jpg) Any tutorial about this I can read?
We have a need to have separate password policies for different groups of logins. For example: Those IDs that have greater privileges should be rquired to have more complex passwords that expire more frequently than IDs with lesser privileges.
It appears to me that SQL Server pulls the password policy from the default Active Directory domain group. Is there a way to create/utilize multiple policies for SQL Server authenticated IDs?
I would like to perform an audit of weak passwords, which is well documented for sql users. Using the same methodology, I should be able to audit weak passwords for contained users. To accomplish this, I must be able to find the location of the password hashes for the contained users.
I have looked at sys.syslogins and sys.sql_logins, which both have the password hash for server level users, but not contained users. I was able to find sys.sysusers, which does contain contained users, but no password hash.
What is the location of the password hashes for contained users?
I have a table of users including: UserName, Password (comuted col), FirstName, LastName, Address and other details....
I have to keep 10 Recent passwords , so I created another table "ut_Password " (Table2)
This table contains the following columns : Username, Password , and Password_Date.
I searched a lot but could not find something similar in my opinion need SP for it.
- 10 row Max for Password History in table 2 - when user change password it's need to be uniqe and it should not appear last 10 passwords - Each user can have a maximum of 10 lines containing history password table - Most old password deleted and replaced with a new password will enter the correct date (FIFO method first in first out).
I regularly (every month or so) get the error "The target principle name is incorrect. Cannot generate SSPI context" when trying to remotely connect to my SQL 2012 instance. The SQL service is running using a managed service account. I understand this error can occur when the service account cannot authenticate with AD properly. Looking at the properties of the managed service account, the password for the account was automatically changed this morning - just when the error started.
Where is located the hash password for the contained database users?I have a script that prints all creating statement so that a Dev environment security can be reapply after a prod data refresh but I can't find the table containing the hash password when the user is "with login" for contained database.
In my project source is Oracle and I am using ODBC to connect oracle for lading.I have create 2 project parameter for connection string one for connection and another for password..when I am making expression on ODBC connection it is showing error like below I can't establish a connection because our legacy driver doesn't support 'Password' as a connection string attribute.
when I am passing expression like @[$Package::V_Constring]+ "PWD=faster1" on odbc connection it working fine.
When I use just the ConnectionString property on the ODBC connection manager and use a 'pwd' attribute; all is well. E.g., "uid=<user>;pwd=<password>;Dsn=<dsn name>;". But as soon as I flip the sensitive attribute, I'm getting the classic error:
The expression will not be evaluated because it contains sensitive parameter variable..The sensitive parameter is desired, of course. I don't want the password in the clear.
I have a column called study in a table which has the number of studies such as 10000 or 9934. I wish to display the result 10,000 or 9,934. I wish to put a comma in the numbers. How can I achieve this using a select statement.
We are in the process of doing a database redesign. Our system architect is planning to a bit masked integer field vs. lookup tables. I personally have never used bit masking at the db level. I was wondering if this is a good design choice. I should also note that our application will be db agnostic so it will need to work on SQL, Oracle, MySQL, etc.
