Securing Local System, Password Expiration, Occasionally Connected MSDE
Jul 14, 2005
Numerous articles (e.g., http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp, even one that I wrote, http://www.dbazine.com/sql/sql-articles/cook12) state that to secure SQL Server, the SQL Server services should not run as Local System. That advice is useful only if making the change is not overly disruptive or is even allowable. My two most recent clients have absolutely rigid password expiration policies that require all account passwords to be changed at regular intervals. Realistically, that makes a compelling case for running as Local System.
Hi,I am writing an application that uses MSDE to store data.Both application & MSDE run on the same computer.I want to regulate the operations done on the DB by the user. Forexample, I don't want to allow "standard" users to delete records,update certain fields, etc...I can regulate these rules within my program, but what if the user runsMSDE query for example on the DB and fetches the list of users &passwords from the DB ?In other words, I need to make sure only the application has access tothe DB. This seems like a common type of problem but I haven't beenable to find any solutions.Any suggestions would be greatly appreciated.Danny
This has to be a simple question for most of you, so here goes.My passwords for sa and another login that I created keep resetting.How can I turn off password expiration in SQL Server 2000?Thanks!MB
We are looking for a way to tightly secure the database of a product being developed in MSDE 2k & C# so that even the db design cannot be viewed or data retrieved through any migration tools.
The NetLib database security tool perfectly matches our requirement but is overpriced. Any suggestions on the next best alternative?
I am building a winforms .net 3.5 application which connects to a SQL Server 2005 database with SQL server authentication. Is it possible to access the SQL Server password policy and expiration through the .NET 3.5 framework? I would like add the following functionality to my login form:
Ensure passwords meet policy standard.
Prompt a user to change their password when it is due to expire in 5 days or less. Thanks in advance.
We need to use SQL Server Authentication for some reason and would like to enforce Password Policy with 90-day expiration period. I found "Change password" dialogue appears when I first logged in with the new user, but don't know
(1)what happens when the user failed to change the password before it's expired or (2)how a user can change his password in advance of the expiration date with no particular server-level permission.
I have just installed Windows 2000 Pro, Visual Studio 2003 Academic and , MSDE 2000. I get the little icon in the Service Tray(?) showing an empty circle partially overlaying a server symbol. It says Not Connected-VSDOTNET. If I click it and get SQL Server Service Manager and put in Server name of VSDOTNET, The drop down listbox for SERVICES is empty (no SQL Server choice) I enabled TCP/IP for this server thru SVRNETCN.DLL. I'm a newbie to pc development. Help!
1. .NET Framework Version 1.1 Redistributable 2. .NET Framework Version 1.1 Software Development Kit (SDK) 3. MSDE 2000 Rel A
In the command window I changed to the directory where MSDE 2000 Rel A was installed and typed in this:
setup.exe INSTANCENAME=MyDb DISABLENETWORKPROTOCOLS=1 SAPWD=<My SA PASSWORD>
MSDE installed successfully and the little icon appeared in the system tray, next to the clock. However, there was no little green arrow/triangle showing on the icon to show connection status as Connected.
4. ASP.NET Commerce Starter Kit
During the Starter Kit install a Connect to Database window opened - Connect to SQL or MSDE.
In the 'Server' field the following was automatically displayed:
STEVE-HOME/MyDb
Where STEVE-HOME is the name of my computer (changed from 'localhost') and MyDb is the instance name.
Thw 'Windows Authentication' radio button was selected by default. I left this unchanged, then clicked OK.
A window opened asking to test the connection. I clicked OK and the connection was successful.
(I didn't select the SQL Server authentication or enter a username, password or select a Database.)
The Starter Kit installed successfully and works fine. However, the SQL Server Service Manager icon states it is not connected when I mouse over it.
I opened the SQL Server Service Manager window and the Server and Services fields are blank.
Surely the Starter Kit wouldn't work if MSDE wasn't connected.
Can anyone advise on how to get the icon to show it is connected
I have a MSDE database running with my sharepoint portal and now i want to customize the portal with some pages built in webmatrix, but i am getting a huge problem. i just don't know what he MSDE password is. how may i find it out, change it or even break it?
Hi there, i have a test sql server. personal Edition Sp2. i loggoed on with a domain account that is part of local admin group. i was surprised when i found that i don't have enough access to work on the database like create and restore databases i tried to log on with sa but password not succeeded i don't remember that i had changed the password or put a difficult one. i also tried from the local administrator i also couldn't get the permission !! what could gone wrong ? thanks god its only a test server :S
I have installed MSDE using the following parameter:
commandline> setup SAPWD="MySAPwd"
now all was set up... when i opened the osql utility..i wasnt able to login... it kept asking me the login name ans password...
i entered my windows login name which is 'home' and entered 'kham00s' as the password... it didnt work... then i entered my windows login name again which is 'home' and entered 'OTHERPASSWORD' as the password which is my system password...but did not work either...
then i logged in using :
commandline> osql -E
It successfully logged in... and i was able to create databases and tables...
can someone tell me how to set a username and password for MSDE please... so that i can connect to MSDE using WebMatrix...
i m coming from a PHP/MySQL background so i know SQL and stuff... but dont know how to handle and configure MSSQL...
waiting for the response.. thanks in advance... Bye. Kamran.
While installing the MSDE I get the folowing error: A storng SA password is required forsecurity reasons. Please use SAPWD switch to supply the same. Refer to readme for more details. Setup will now exit.
I have installed msde 7.0 on a pc with win98.Someone has changed sa passwordHow can I reset sa password?I'm unable to logon with trusted connection because the pc is not nt.Thanks
Hi,I had this problem in version 7 and dont remneber How I solved it!!I have installed a local SQL Server (2000 aka version 8) on myWorksation (W2K), I have picked NT authuntication.Everything was fine untill I changed my password. Now SQL server cannot start because it fails to login. The old password is embeddedsomwhere and I cant egt to it!!!My workstation is on a network, so the password is my networkpassword.Everythinng is MS on our network.Any help would be appreciated.ThanksFardad
We would like to use the SQL Server 2005 Express at our customers. But now we have to meet the local security settings of the PC. What is happening with the database users password (e.g. sa) when the "Maximum password age" in the "local security settings" for the password policy is to >0 (e.g. 30 days)?
Because this cause a frequently change of the passwords at the customers!!!!!!
I have installed WebMatrix and MSDE and have been able to successfully make a connection from WebMatrix to MSDE. I am used to using SQL Server with Enterprise Manager but I do not have that available to me right now so I'm using MSDE instead. I followed the setup instructions on the WebMatrix tutorial and setup MSDE with an SA password. I would now like to change the password to something else. Is there a command that I can use to do that? There is no Enterprise Manager so I'm kind of stumped. Thanks in advance for your help.
I am Access user of both BE and FE. I would like to set my BE with SQL
Therefore, as trial I just downloaded MSDE2000A.Exe a Desktop SQL Engine from Microsoft. I need to install it. But due to some technical aspect (which I might not understand) I could not install it. Bcz whenever I am trying to install its setup file, it ask me a strong password. How to set it ? or how to supply it I dont know...
Hi Guys,We've lost the password for the sa. No other users belong to the admingroup. I've tried logging in using osql -E (windows authentication)without success. Is there anyway to reset the sa password? The databaseis MSDE and the version seems to be 7 (sql server 7 folder on pc). Itis running on Windows 2000 professional.Any help would be greatlyappreciated.Regards,Eddie
I am trying to upgrade the SQL Server 6.5 on one server to SQLServer2000 on the other machine.At that time, i am getting the following error:"The local SQL Server is running under localsystem priviledges,preventing the upgrade wizard to connect to the export server."I am logged on thru the administrator on both the machines.Pls tell how to to eradicate this error, so that my upgrade issuccessful.Thanks in advance.
We recently downloaded and installed SQL Express as it was a required program for our new database management software. When trying to install my database management software I was asked to Login to the SQL server. I entered the SQLEXPRESS server, however, I do not have the SA password. When SQL Express installed it did not ask for a password only for a user name and company. I am running Windows Small Business Server with the Administrator and no password. We did not assign a password to the Administrator account yet.
I have tried to leave the password blank using the login SA and I get error message 28000 Login failed for user. The user is not associated with a trusted SQL Server Connection.
Is there a default password for SA? Or in the alternative, how do I create a user or associate an exising Windows user with a trusted SQL server connection?
Just spotted that some cowboys install a Live DB Server using Local System Account for the SQL Server Service. Gonna change it to a Domain Admin Account tonight. Anyone got any advice or warnings about any "gotchas" I might run in to during a job like this?
A very stupid question but want to see if i have an answer.
Is it possible to run SQL Server Service and SQL Server Agent Service under local system(not Domain account) without granting SA Permissions on the server. is it ever possible to run by just granting some registry permissions and not making BUILTINAdministrators a SA on the server.
Is it possible to set up database mirroring between two servers that have SQL Service running under Local system? I tried to setup mirroring between two servers running under Local system but was running into the following error:
Server or Network address cannot be reached or does not exist.
What are the pre-requisites for setting up database mirroring if the service runs under Local system? Do I have to configure certificates? Is that mandatory? Can anyone please let me know. Any other gotchas?
I am using a web application using asp.net 1.1 vs 2003. i am using sql server authentication where users are using their sql server user id and sql server saved passwords. how can i change their passwords inside the sql server? is there a system sp that allows one to pass one's user id and then change password. I will need to call that sp from a user defined store dprocedure and pass the parameters and that will change the password on the sql server. thanks
I have inherited a sql server and no one knows the SA password. I cannot login with windows authentication even if the account is administrator of the machine.
I have an application I developled for a shopping cart function using Wrox ASP.NET book as a guide. I have everything working great on my local system using SQL 2005 Express. When I move the app to an IIS 6.0 Web Server with SQL 2005 Express installed I get the following error. Line 103: Public Overridable Property Cart() As Wrox.Commerce.ShoppingCartLine 104: GetLine 105: Return CType(Me.GetPropertyValue("Cart"),Wrox.Commerce.ShoppingCart)Line 106: End GetLine 107: Set It has some comments up top about not being able to establish a connection to the SQL Express Database. I have made the changes to allow TCP/IP and Named-Pipes The App has to be connecting to the database because it displays grid views during the order process. The Database is located in the App Data folder IIS is set to Integrated Authentication and configured as a Web Application. Can someone please tell me what is wrong. thanks.....
I can schedule my task in DTS provided my sql server agent runs in the same windows authentication as of the windows login(specified the user name and pass word in the logon properties of sql server agent) and DTS package owner.
it is failing when i run with local system account. why is that so.
I noticed that when installing on a Windows XP machine, the installation results in a SQLServer instance which is configured with Built-in account = Network Service. However, with the same command line used on Windows 2000 machines, the configuration winds up being Built-in account = Local System. My understanding is that the default configuration is supposed to be Local System.
What can I do to ensure that the instance configuration is always Local System during the silent installation? This is required otherwise, under the Network Service configuration, it creates a messy situation to attach DBs.
Hello,My server is part of a W2K domain. What do you advice me as account torun my SQL*Server, service started with a domain user account or aslocal system ?I need advices from a security point of view.Thank's in advance
It is simple question, just slipped out of my mind at this time...... how do we change Security Context for 2005 version from network to local system. thanks,
