Here is my code to run such a password check:

```sql
-- Script to check if any of the passwords on your SQL Server is amongst the
-- 100.000 most used passwords that Troy Hunt and NCSC released
CREATE TABLE dbo.PwnedPasswordTop100k (pw nvarchar(500) COLLATE Latin1_General_CS_AS NOT NULL);

-- Load step is assumed from the file note below; it is missing from the surviving listing
BULK INSERT dbo.PwnedPasswordTop100k FROM 'c:\temp\PwnedPasswordTop100k.txt';

-- password is in the top 100k list (SELECT/FROM assumed; only the WHERE clause survives)
SELECT sl.name, ppt.pw FROM sys.sql_logins sl CROSS JOIN dbo.PwnedPasswordTop100k ppt
WHERE PWDCOMPARE(ppt.pw, sl.password_hash) = 1;

-- password is null (from idea from BP_Check)
SELECT s.name, 'password is NULL' FROM sys.sql_logins s
WHERE s.password_hash IS NULL  -- assumed predicate, missing from the listing
  AND EXISTS (SELECT * FROM fn_my_permissions(NULL, 'SERVER') WHERE permission_name = 'CONTROL SERVER')
  AND name NOT IN ('MSCRMSqlClrLogin','#MS_SmoExtendedSigningCertificate#','#MS_PolicySigningCertificate#','#MS_SQLResourceSigningCertificate#','#MS_SQLReplicationSigningCertificate#','#MS_SQLAuthenticatorCertificate#','#MS_AgentSigningCertificate#','#MS_SQLEnableSystemAssemblyLoadingUser#');

-- password the same as login (from idea from BP_Check)
SELECT s.name, s.name FROM sys.sql_logins s
WHERE PWDCOMPARE(s.name, s.password_hash) = 1;  -- assumed predicate, missing from the listing

SELECT 'not SYSADM', 'You do not have CONTROL SERVER permissions, and cannot see any password_hashes'
WHERE NOT EXISTS (SELECT * FROM fn_my_permissions(NULL, 'SERVER') WHERE permission_name = 'CONTROL SERVER');
```

The PwnedPasswordTop100k.txt file must be copied to c:\temp on the SQL Server, and the account that runs SQL Server must have access to the file.