Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SQL Server authentication hashes

Posted on 2013-06-26
8
316 Views
Last Modified: 2013-07-15
I've been tasked with seeing which MSSQL Database accounts can query the table that stores the encrypted password hashes for SQL authentication accounts across MSSQL 2000, 2005 and 2008 instances? Please can you provide the exact table these hashes are stored in, I beleive it isnt the same for all versions of MSSQL?
0
Comment
Question by:pma111
  • 6
  • 2
8 Comments
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 39277451
In SQL Server 2005 & 2008 its the sys.sql_logins table. Unfortunately I dont have a 2000 instance so cant check although it may be the same table....

I believe its only members of the sysadmins group which can see the contents of the password_hash column but I will have to check to make sure its correct.
0
 
LVL 3

Author Comment

by:pma111
ID: 39277458
That would be most useful, thanks.
0
 
LVL 16

Accepted Solution

by:
EvilPostIt earned 500 total points
ID: 39277465
In this article i found the line...
CONTROL SERVER permission is required to examine the password_hash column of sys.sql_logins.

So looks like the control CONTROL SERVER permission is required.

http://social.technet.microsoft.com/wiki/contents/articles/7937.password-audit-for-sql-server-logins-find-blank-or-common-passwords-for-sql-logins.aspx
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 16

Expert Comment

by:EvilPostIt
ID: 39277481
As a side note, probably a good idea for you to read the article i posted last as it looks along the lines of what you want to do...
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 39278132
Is this answer sufficient or do require further clarification?
0
 
LVL 3

Author Comment

by:pma111
ID: 39278144
The only other thing was whether sys_logins may be "invisible" to a non sys admin, they claim the view isnt even there! Which I thought could be permissions related?
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 39278295
A user who doesnt have the correct level of permissions see's the sql_logins table but the password_hash column is blank.

They will only see rows for the sa account and themselves. No other SQL logins will be visible.
0
 
LVL 16

Expert Comment

by:EvilPostIt
ID: 39293250
Is this clarification sufficient?
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Database Integrity 1 49
Get Next number from Stored Procedure 8 22
SQL 2012 clustering 9 11
SQL Recursion schedule 13 14
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Via a live example, show how to shrink a transaction log file down to a reasonable size.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question