Our audit mandates that an SQL account used by SolarWinds must have
its password expired periodically (eg: every 60 days) even tho we convey
it is a service account.
a) if we forget to change the password prior to expiry, service is affected
b) if we try to set it to non-interactive, will get the error in the attached
In UNIX nagios, I have a tool "changepass" that could change the password
of the nagios interactive account periodically which I could place in crontab
to set the password to an encrypted password ie if this password is seen
by an unauthorized party, he still need to decrypt it.
Thus, I plan to set this MS SQL account's password to expire every 60 days
& then set a script in task scheduler (or some sort of automated periodic
job in MS SQL/Windows) to do something like:
net user /domain SolarWindsOrionDatabaseUse
(above command is for Windows, so I'll need equivalent for MS SQL).
Certainly using the scripted/automated way of changing the password
(including re-using back the password ie bypassing the password
history should not result in the password being expired: I know this
is against password history but I would still want it this way, pls.
When we have time/remembers, we'll go into the script to change
the password to be set in the script)
Certainly the script has to be non-readable or the password
F1xedP@ssw0rd is the encrypted password so that if it's leaked/
seen, no harm.