Thursday, February 9, 2012

Administering many SQL Servers

We have 25+ SQL Servers our DBA group administers. Each is installed under a
domain account, call it Domain1\SQLAdmin. When we change the password to
Domain1\SQLAdmin we then have to go edit the SQL Server and SQL Server Agent
password properties on each box to be the new password. Is there any way to
automate this process?Hi
No. We have a similar problem with 1400 servers and are going to have each
server have it's own account and password.
This can reduce the likelihood of on compromised server being used to
compromise other, have developers connect from development to production
though linked servers or xp_cmdshell, and a denial of service (account
lockout) against the service account.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"LRSmith" <LRSmith@.discussions.microsoft.com> wrote in message
news:4A097433-5BE9-4383-BB6E-9A8FDE099103@.microsoft.com...
> We have 25+ SQL Servers our DBA group administers. Each is installed under
> a
> domain account, call it Domain1\SQLAdmin. When we change the password to
> Domain1\SQLAdmin we then have to go edit the SQL Server and SQL Server
> Agent
> password properties on each box to be the new password. Is there any way
> to
> automate this process?|||I was afraid that was the answer. Fortunately we don't have 1400 nodes to
worry about. Thanks.
"Mike Epprecht (SQL MVP)" wrote:

> Hi
> No. We have a similar problem with 1400 servers and are going to have each
> server have it's own account and password.
> This can reduce the likelihood of on compromised server being used to
> compromise other, have developers connect from development to production
> though linked servers or xp_cmdshell, and a denial of service (account
> lockout) against the service account.
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "LRSmith" <LRSmith@.discussions.microsoft.com> wrote in message
> news:4A097433-5BE9-4383-BB6E-9A8FDE099103@.microsoft.com...
>
>
Posted by Harold at 9:48 PM
Labels: , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)