SECGRAD
asked on
Checking UserId's / Passwords Strength
I received a request from management to scan users on a SQL Server to see if they have strong passwords. I don't know of a tool that can do this so I am needed advice. Is there any tool or application that can do this? (Free / Open Source would be great!)
http://evolvedcode.net/content/code_sqlloginaudit/
ASKER
Excellent! It mentions that it works on MS SQL Server 7 or 2000. Have you tried it successfully in MS SQL 2005?
It won't work in 2005 as is. Not that it really needs to, because you can actually enforce strong passwords through ALTER LOGIN in 2005.
ASKER
So, I should rephrase my question. Is there any tools, scripts, or application that can scan user accounts against SQL 2005 to determine if they have strong passwords? (Free / Open Source would be great!)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
(Note the changes: sysxlogins becomes sys.sql_logins, et cetera)
ASKER
Good. Where is the QuickDict.txt mentioned in SET @WordList = 'E:\Wordlists\QuickDict.tx
Shouldn't this be imported to test against a dictionary?
Shouldn't this be imported to test against a dictionary?
The script imports it (BULK INSERT). You can download an example one from the link I sent above. Make sure to change the path and file name accordingly. Keep in mind that it is a path ON THE SERVER, not the machine you run the script from.