Security : SQL Server Passwords

To securely use SQL Server, Microsoft recommends using Windows Integrated Security. In Windows Integrated Security mode, passwords are never stored as your Windows Domain sign-on is used as the security identifier to the database server.
Password and login ID of a registered SQL Server user in Enterprise Manager for SQL Server can be easily retrieved using SQL DMO (Distributed Management Object). Create file SQLPasswords.vbs and open it in Notepad. Add the following code and save it:


Dim pApplication
Set pApplication = CreateObject("SQLDMO.Application")
Call EnumGroups(pApplication.ServerGroups)
Sub EnumGroups(ByVal pGroups)
Dim pServerGroup 
Dim pRegServer 
For Each pServerGroup In pGroups 
 If pServerGroup.RegisteredServers.Count > 0 Then 
  Msgbox "Group :" & pServerGroup.Name 
  For Each pRegServer In pServerGroup.RegisteredServers
   Msgbox "Name:" & pRegServer.Name
   Msgbox "Login:" & pRegServer.Login
   Msgbox "Password:" & pRegServer.Password
  Next
 End If
 If pServerGroup.ServerGroups.Count > 0 Then
  Call EnumGroups(pServerGroup.ServerGroups)
 End If
Next 
End Sub

the script and this will retrieve the passwords of registered servers using your account. If the ‘Always prompt for login name and password’ checkbox is not set when registering a SQL Server, the login ID and password is weakly encrypted and stored in the following registry key: HKEY_CURRENT_USERSOFTWAREMicrosoftMSSQLServerSQLEWRegistered Server X.

How SQL Server stores passwords (SQL accounts) : See article at
http://www.codeproject.com/KB/vbscript/SQLServerPasswords.aspx

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s