So, they would have fewer problems with the system changing domain membership 
than with the script being updated to install?

Wow. 

-----Original Message-----
From: Jonathan Link <jonathan.l...@gmail.com>
Date: Thu, 17 Dec 2009 13:19:11 
To: NT System Admin Issues<ntsysadmin@lyris.sunbelt-software.com>
Subject: Re: Thursday Funny Request

Honestly,
I'm not using SA to access databases, neither are my applications.  However,
one of our vendors sets an SA password and then requires Windows credentials
and disables SQL users.  I have no idea why the vendor does it that way;
I've called to complain and have been told that it will be addressed in the
next release.  In the interim, I don't want to get into a war with a vendor
that goes along the lines of, "you modified our installer script, therefore
you're not supported."  They haven't released an updated script, and while I
do know what to change, it's just not a risk I'm willing to take when I have
a viable, if annoying, alternative.

This isn't a niche app, it's essentially our "we can't do business without
this software" app.

On Thu, Dec 17, 2009 at 12:07 PM, Ziots, Edward <ezi...@lifespan.org> wrote:

>  Honestly,
>
>
>
> If you are using SA to access databases, you should or the owner of said
> application should be flogged mercilessly, along with being tarred and
> feathered and dunked in a deep fat fryer. That is one of the worst security
> issues with SQL, the use of SQL authentication along with giving SA rights.
>
>
>
> Editing a script to install SQL is cake and including the SA password,
> which should be different than any other SA password for any database should
> be done as a best practice.
>
>
>
> That and ripping the local administrators out of the System Administrators
> for SQL by default.
>
>
>
> Z
>
>
>
> Edward Ziots
>
> Network Engineer
>
> Lifespan Organization
>
> MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
>
> ezi...@lifespan.org
>
> Phone:401-639-3505
>  ------------------------------
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, December 17, 2009 10:43 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Thursday Funny Request
>
>
>
> They may have an SA password they use and have an SOP to change it as soon
> as an application is installed.  In this case, the installer is getting an
> error when it attempts to set the SA password to one that is less complex
> than what your AD would like.  There are three options to resolve
> this.  First is to relax the policy, which I agree with you, you shouldn't
> do.  The second is to pull the machine from the domain, complete the
> install, change the SA password, add back to the domain.  The final option
> is to find the installer script file for the application, edit it so it
> changes the SA password to something complex enough.   However, I don't like
> to go mucking about in SQL installer scripts unless I have a really good
> reason (this isn't one).  It's much simpler to remove from AD and add back
> in.
>
>
>
> He made the request, because the error message says that's what he needs.
> I wouldn't expect any less from a DBA.  As a sysadmin you need to flog him
> gently and give him the options you're comfortable with.
>
> On Thu, Dec 17, 2009 at 9:58 AM, Sherry Abercrombie <saber...@gmail.com>
> wrote:
>
> They have an SA password that they use for all their databases.  This is
> something to do with calculating taxes, at least that's what the server is,
> oh and I didn't mention, this server is in the test environment, we've also
> got two additional servers for this purpose one in Dev and one in
> production.
>
> Nope it's not gonna happen.  We'll remove it from the domain (2003 domain)
> and he can just deal with it.
>
> On Thu, Dec 17, 2009 at 8:52 AM, Jonathan Link <jonathan.l...@gmail.com>
> wrote:
>
>  It's the SA password.
>
> Is this thing on?
>
> On Thu, Dec 17, 2009 at 9:49 AM, Kennedy, Jim <
> kennedy...@elyriaschools.org> wrote:
>
>   That is the part I don’t get. Based upon his/her request the installer
> shouldn’t even need to know the password. It should just install with the
> logged in credentials. And if it chokes on a complex password during install
> maybe because of a service it installs it will choke afterwards too.
>
>
>
> Unless he/she is asking for the password to remain ‘simple’ after the
> install…..Just because I am curious I would love to hear the rest of this
> story.
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
> *Sent:* Thursday, December 17, 2009 9:32 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* Re: Thursday Funny Request
>
>
>
> What I want to know is what kind of application in 2009 "requires" a
> network password to not be complex to be installed?
>
>
> I'm just glad he's not in the office yet because I would have to rip him to
> shreds.....yeah you can call me alice.
>
> On Thu, Dec 17, 2009 at 8:14 AM, David Lum <david....@nwea.org> wrote:
>
> A complex password is so easy to create this sentence is one. **Any**
> properly formatted sentence is an adequately complex “password”. People see
> me enter my password and ask “how do you remember all that?”. A 25 character
> sentence is easier to remember than some bizarre mix of random characters of
> half the length.
>
>
>
> Even 17 December 2009 is a complex password – does SQL not allow spaces in
> passwords? You security experts, is “Sr2FDeT2M0hProYMs” a more complex
> password than “There once was a man from Nantucket.”? The latter is a 35
> character password that I’m sure most of you could remember.
>
> *David Lum* // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 *// *(Cell) 503.267.9764
>
> *From:* Sherry Abercrombie [mailto:saber...@gmail.com]
>
> *Sent:* Thursday, December 17, 2009 5:46 AM
>
>
> *To:* NT System Admin Issues
>
> *Subject:* Re: Thursday Funny Request
>
>
>
> A complex password is SOOOO easy to create, just look at what is used
> whenever you go to a MS training class:  p...@ssw0rd, or something along
> those lines.  Even today's date configured correctly meets the password
> complexity requirements....17December2009.  Sheesh.......now I've quit
> laughing and am bordering on being pissed off.
>
> On Thu, Dec 17, 2009 at 7:39 AM, Jon Harris <jk.har...@gmail.com> wrote:
>
> Sounds to me like you have some people working as DBAs that should be
> watched ALL the time to me.
>
>
>
> Jon
>
> On Thu, Dec 17, 2009 at 8:37 AM, Sherry Abercrombie <saber...@gmail.com>
> wrote:
>
> Got this request from one of our DBAs, I'm waiting to respond until after I
> stop laughing hysterically:
>
> Need domain policy temporarily changed on dbaserver to remove requirement
> for  Windows complex password, so application can be installed and then the
> policy can be reactivated.
>
>
>
> --
>
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
>
> Arthur C. Clarke

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
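
As an added example (not part of the original thread or any poster's code), the Python sketch below applies the documented rules of the Windows "Password must meet complexity requirements" setting to the sample passwords quoted in the thread. The function names, the `min_length` default and the `dbasvc` account are assumptions made for illustration; in Windows the minimum length comes from a separate policy setting, and `str.isupper()`/`str.islower()` only approximate the character classes Windows uses.

```python
import re

# Special characters listed in Microsoft's description of the setting.
# A space is not in that list, so it earns no category of its own.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
NAME_DELIMS = r"[,.\-_ #\t]+"   # delimiters used to tokenize the display name


def char_categories(password):
    """Return the complexity categories that occur in the password."""
    cats = set()
    for ch in password:
        if ch in "0123456789":
            cats.add("digit")
        elif ch.isupper():
            cats.add("upper")
        elif ch.islower():
            cats.add("lower")
        elif ch.isalpha():
            cats.add("other-alpha")  # alphabetic but caseless, e.g. CJK
        elif ch in SPECIALS:
            cats.add("symbol")
    return cats


def complexity_problems(password, sam_account="", display_name="", min_length=8):
    """Return the reasons the password would be rejected (empty list = accepted)."""
    problems = []
    if len(password) < min_length:   # assumed value; set by a separate policy
        problems.append("too short")
    found = len(char_categories(password))
    if found < 3:
        problems.append("only %d of the required 3 character categories" % found)
    lowered = password.lower()
    # Names shorter than three characters are skipped by the real check too.
    if len(sam_account) >= 3 and sam_account.lower() in lowered:
        problems.append("contains account name")
    for token in re.split(NAME_DELIMS, display_name):
        if len(token) >= 3 and token.lower() in lowered:
            problems.append("contains display-name token %r" % token)
    return problems


if __name__ == "__main__":
    # Passwords quoted in the thread, plus two constructed failing cases.
    for pw, sam in [("17December2009", ""), ("17 December 2009", ""),
                    ("Sr2FDeT2M0hProYMs", ""),
                    ("There once was a man from Nantucket.", ""),
                    ("nantucket", ""), ("Dbasvc-2009", "dbasvc")]:
        print(repr(pw), complexity_problems(pw, sam_account=sam) or "accepted")
```

The rule counts character categories only, so every password quoted in the thread is accepted, the date included; it does not measure how guessable a password is.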