Change SQL Server service account without restarting SQL ServerChange SQL Server settings without restarting...
Why is Bernie Sanders maximum accepted donation on actblue $5600?
Why is quixotic not Quixotic (a proper adjective)?
Identical projects by students at two different colleges: still plagiarism?
Exploding Numbers
Dot product with a constant
How can I make my enemies feel real and make combat more engaging?
What is an explicit bijection in combinatorics?
Taking an academic pseudonym?
What if you do not believe in the project benefits?
Cryptic cross... with words
Is it Safe to Plug an Extension Cord Into a Power Strip?
When distributing a Linux kernel driver as source code, what's the difference between Proprietary and GPL license?
Sets which are both Sum-free and Product-free.
Is it ethical to apply for a job on someone's behalf?
Given the mapping a = 1, b = 2, ... z = 26, and an encoded message, count the number of ways it can be decoded
Can a Hydra make multiple opportunity attacks at once?
Can I do anything else with aspersions other than cast them?
Why is Shelob considered evil?
Boss asked me to sign a resignation paper without a date on it along with my new contract
What does "don't have a baby" imply or mean in this sentence?
Why don't you get burned by the wood benches in a sauna?
How do I avoid the "chosen hero" feeling?
What's the function of the word "ли" in the following contexts?
Why Doesn't It Completely Uninstall?
Change SQL Server service account without restarting SQL Server
Change SQL Server settings without restarting servicesChanging the SQL Server service account - any additional considerations?SQL Server starts normally from Windows Services screen, but shows error through SQL Server Configuration Manager. Why?Changing SQL Server service accountChanging SQL Server service account passwords enterprise-wideSQL Server service account change from virtual account to AD accountSSRS and Managed Service Account - impossible to configure?What are points to consider when replacing the SQL Server service account?Changing Service Account password in SQL Server - ClarificationRevert to using local account for SQL Server services
For security reasons, we want to change the password that starts the SQL Server service everyday. Is it possible to do this without restarting the service?
If it is possible will the changes be immediately applied, or will I eventually need to restart the service to get the new password?
We were thinking of doing this change in the services option of the windows OS and not in SQL Server configuration manager.
sql-server security configuration-manager
edited 3 mins ago
jadarnel27
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
add a comment |
For security reasons, we want to change the password that starts the SQL Server service everyday. Is it possible to do this without restarting the service?
If it is possible will the changes be immediately applied, or will I eventually need to restart the service to get the new password?
We were thinking of doing this change in the services option of the windows OS and not in SQL Server configuration manager.
sql-server security configuration-manager
edited 3 mins ago
jadarnel27
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
4
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
1
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44
add a comment |
For security reasons, we want to change the password that starts the SQL Server service everyday. Is it possible to do this without restarting the service?
If it is possible will the changes be immediately applied, or will I eventually need to restart the service to get the new password?
We were thinking of doing this change in the services option of the windows OS and not in SQL Server configuration manager.
sql-server security configuration-manager
edited 3 mins ago
jadarnel27
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
For security reasons, we want to change the password that starts the SQL Server service everyday. Is it possible to do this without restarting the service?
If it is possible will the changes be immediately applied, or will I eventually need to restart the service to get the new password?
We were thinking of doing this change in the services option of the windows OS and not in SQL Server configuration manager.
sql-server security configuration-manager
sql-server security configuration-manager
edited 3 mins ago
jadarnel27
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
edited 3 mins ago
jadarnel27
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
edited 3 mins ago
jadarnel27
5,46811937
edited 3 mins ago
jadarnel27
5,46811937
edited 3 mins ago
jadarnel27
5,46811937
5,46811937
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
asked Feb 6 at 19:51
Andres ArangoAndres Arango
82
82
4
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
1
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44
add a comment |
4
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
1
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44
4
4
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
1
1
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44
add a comment |
3 Answers
3
active
oldest
votes
I would not go through group managed service accounts initially, depending on the issue, environment you are dealing with.
I am not sure what version of sql and the type of security issues you have, but from previous experience permissions to sql server service and agent accounts take affect after a restarting of the service.
I would rather use the sql server configuration manager whenever possible
If you are concerned about security you most definetely need to be able to restart this service, and if that is not possible, then your environment is asking for a good availability group configured, so you are always on, because you need to bear in mind you need patching your servers on a regular basis, and that requires reboots most of the time.
Please review what is preventing your from restarting and address that with management.
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
add a comment |
...for security reasons we want to change the password that starts the sql server service everyday
I realize this is probably outside your control, but it's worth mentioning that this is not a good idea for security. It's a high process overhead for your organization (even if it's generally automated in some way), and it will likely lead to increased chances of some kind of password breach.
Think about it like this: every time you open the bank vault, there is a risk that some malicious person can get inside. Would you rather open the vault every single day and change the locks, or open it occasionally and keep a really big lock on it (long, secure password).
Accessing the password every day (to change it, and then apply it to the service account) is like this. You should very a very secure password over changing the password frequently.
If you are required to do this, though - why don't you want to use SQL Server Configuration Manager? That is the recommended method per the docs:
SQL Server Configuration Manager - Changing the Accounts Used by the Services
Always use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server or SQL Server Agent services, or to change the password for the account. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. Other tools such as the Windows Services Control Manager can change the account name but do not change associated settings. If the service cannot access the SQL Server portion of the registry the service may not start properly.
Emphasis added by me. So doing this outside of the service can cause reliability issues with your database engine.
Regarding avoiding a restart, using the configuration manager accomplishes this goal as well:
As an additional benefit, passwords changed using SQL Server Configuration Manager, SMO, or WMI take affect immediately without restarting the service.
Of course, as other answers have mentioned, you should be allowed to restart the service from time to time (Windows Updates, etc).
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
add a comment |
for security reasons we want to change the password that starts the sql server service everyday
Why is sql server service restarted everyday ? Just before you restart the service, you can use dbatools - Update-DbaServiceAccount to update the password for the sql server service account.
e.g. Below Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'
$SecurePassword = ConvertTo-SecureString 'Qwerty1234' -AsPlainText -Force
Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword
answered Feb 6 at 20:43
KinKin
53.7k481190
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f229082%2fchange-sql-server-service-account-without-restarting-sql-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
I would not go through group managed service accounts initially, depending on the issue, environment you are dealing with.
I am not sure what version of sql and the type of security issues you have, but from previous experience permissions to sql server service and agent accounts take affect after a restarting of the service.
I would rather use the sql server configuration manager whenever possible
If you are concerned about security you most definetely need to be able to restart this service, and if that is not possible, then your environment is asking for a good availability group configured, so you are always on, because you need to bear in mind you need patching your servers on a regular basis, and that requires reboots most of the time.
Please review what is preventing your from restarting and address that with management.
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
add a comment |
I would not go through group managed service accounts initially, depending on the issue, environment you are dealing with.
I am not sure what version of sql and the type of security issues you have, but from previous experience permissions to sql server service and agent accounts take affect after a restarting of the service.
I would rather use the sql server configuration manager whenever possible
If you are concerned about security you most definetely need to be able to restart this service, and if that is not possible, then your environment is asking for a good availability group configured, so you are always on, because you need to bear in mind you need patching your servers on a regular basis, and that requires reboots most of the time.
Please review what is preventing your from restarting and address that with management.
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
add a comment |
I would not go through group managed service accounts initially, depending on the issue, environment you are dealing with.
I am not sure what version of sql and the type of security issues you have, but from previous experience permissions to sql server service and agent accounts take affect after a restarting of the service.
I would rather use the sql server configuration manager whenever possible
If you are concerned about security you most definetely need to be able to restart this service, and if that is not possible, then your environment is asking for a good availability group configured, so you are always on, because you need to bear in mind you need patching your servers on a regular basis, and that requires reboots most of the time.
Please review what is preventing your from restarting and address that with management.
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
I would not go through group managed service accounts initially, depending on the issue, environment you are dealing with.
I am not sure what version of sql and the type of security issues you have, but from previous experience permissions to sql server service and agent accounts take affect after a restarting of the service.
I would rather use the sql server configuration manager whenever possible
If you are concerned about security you most definetely need to be able to restart this service, and if that is not possible, then your environment is asking for a good availability group configured, so you are always on, because you need to bear in mind you need patching your servers on a regular basis, and that requires reboots most of the time.
Please review what is preventing your from restarting and address that with management.
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
answered Feb 6 at 20:12
marcello miorellimarcello miorelli
5,7751962136
5,7751962136
add a comment |
add a comment |
...for security reasons we want to change the password that starts the sql server service everyday
I realize this is probably outside your control, but it's worth mentioning that this is not a good idea for security. It's a high process overhead for your organization (even if it's generally automated in some way), and it will likely lead to increased chances of some kind of password breach.
Think about it like this: every time you open the bank vault, there is a risk that some malicious person can get inside. Would you rather open the vault every single day and change the locks, or open it occasionally and keep a really big lock on it (long, secure password).
Accessing the password every day (to change it, and then apply it to the service account) is like this. You should very a very secure password over changing the password frequently.
If you are required to do this, though - why don't you want to use SQL Server Configuration Manager? That is the recommended method per the docs:
SQL Server Configuration Manager - Changing the Accounts Used by the Services
Always use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server or SQL Server Agent services, or to change the password for the account. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. Other tools such as the Windows Services Control Manager can change the account name but do not change associated settings. If the service cannot access the SQL Server portion of the registry the service may not start properly.
Emphasis added by me. So doing this outside of the service can cause reliability issues with your database engine.
Regarding avoiding a restart, using the configuration manager accomplishes this goal as well:
As an additional benefit, passwords changed using SQL Server Configuration Manager, SMO, or WMI take affect immediately without restarting the service.
Of course, as other answers have mentioned, you should be allowed to restart the service from time to time (Windows Updates, etc).
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
add a comment |
...for security reasons we want to change the password that starts the sql server service everyday
I realize this is probably outside your control, but it's worth mentioning that this is not a good idea for security. It's a high process overhead for your organization (even if it's generally automated in some way), and it will likely lead to increased chances of some kind of password breach.
Think about it like this: every time you open the bank vault, there is a risk that some malicious person can get inside. Would you rather open the vault every single day and change the locks, or open it occasionally and keep a really big lock on it (long, secure password).
Accessing the password every day (to change it, and then apply it to the service account) is like this. You should very a very secure password over changing the password frequently.
If you are required to do this, though - why don't you want to use SQL Server Configuration Manager? That is the recommended method per the docs:
SQL Server Configuration Manager - Changing the Accounts Used by the Services
Always use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server or SQL Server Agent services, or to change the password for the account. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. Other tools such as the Windows Services Control Manager can change the account name but do not change associated settings. If the service cannot access the SQL Server portion of the registry the service may not start properly.
Emphasis added by me. So doing this outside of the service can cause reliability issues with your database engine.
Regarding avoiding a restart, using the configuration manager accomplishes this goal as well:
As an additional benefit, passwords changed using SQL Server Configuration Manager, SMO, or WMI take affect immediately without restarting the service.
Of course, as other answers have mentioned, you should be allowed to restart the service from time to time (Windows Updates, etc).
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
add a comment |
...for security reasons we want to change the password that starts the sql server service everyday
I realize this is probably outside your control, but it's worth mentioning that this is not a good idea for security. It's a high process overhead for your organization (even if it's generally automated in some way), and it will likely lead to increased chances of some kind of password breach.
Think about it like this: every time you open the bank vault, there is a risk that some malicious person can get inside. Would you rather open the vault every single day and change the locks, or open it occasionally and keep a really big lock on it (long, secure password).
Accessing the password every day (to change it, and then apply it to the service account) is like this. You should very a very secure password over changing the password frequently.
If you are required to do this, though - why don't you want to use SQL Server Configuration Manager? That is the recommended method per the docs:
SQL Server Configuration Manager - Changing the Accounts Used by the Services
Always use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server or SQL Server Agent services, or to change the password for the account. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. Other tools such as the Windows Services Control Manager can change the account name but do not change associated settings. If the service cannot access the SQL Server portion of the registry the service may not start properly.
Emphasis added by me. So doing this outside of the service can cause reliability issues with your database engine.
Regarding avoiding a restart, using the configuration manager accomplishes this goal as well:
As an additional benefit, passwords changed using SQL Server Configuration Manager, SMO, or WMI take affect immediately without restarting the service.
Of course, as other answers have mentioned, you should be allowed to restart the service from time to time (Windows Updates, etc).
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
...for security reasons we want to change the password that starts the sql server service everyday
I realize this is probably outside your control, but it's worth mentioning that this is not a good idea for security. It's a high process overhead for your organization (even if it's generally automated in some way), and it will likely lead to increased chances of some kind of password breach.
Think about it like this: every time you open the bank vault, there is a risk that some malicious person can get inside. Would you rather open the vault every single day and change the locks, or open it occasionally and keep a really big lock on it (long, secure password).
Accessing the password every day (to change it, and then apply it to the service account) is like this. You should very a very secure password over changing the password frequently.
If you are required to do this, though - why don't you want to use SQL Server Configuration Manager? That is the recommended method per the docs:
SQL Server Configuration Manager - Changing the Accounts Used by the Services
Always use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server or SQL Server Agent services, or to change the password for the account. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as setting permissions in the Windows Registry so that the new account can read the SQL Server settings. Other tools such as the Windows Services Control Manager can change the account name but do not change associated settings. If the service cannot access the SQL Server portion of the registry the service may not start properly.
Emphasis added by me. So doing this outside of the service can cause reliability issues with your database engine.
Regarding avoiding a restart, using the configuration manager accomplishes this goal as well:
As an additional benefit, passwords changed using SQL Server Configuration Manager, SMO, or WMI take affect immediately without restarting the service.
Of course, as other answers have mentioned, you should be allowed to restart the service from time to time (Windows Updates, etc).
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
edited Feb 6 at 21:04
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
answered Feb 6 at 20:06
jadarnel27jadarnel27
5,46811937
5,46811937
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
add a comment |
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
If you do the change in SQL Server configuration manager it will inmediately prompt the user the next message "This will cause the service to be restarted. Do you want to continue?"
– Andres Arango
Feb 6 at 20:12
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
Thank you for your answer, you are correct in many points im also against the change of the password specialy every day, but the points you and other users give me, will help to stablish a good discussion of the cons and little benefits this could do
– Andres Arango
Feb 7 at 1:36
add a comment |
for security reasons we want to change the password that starts the sql server service everyday
Why is sql server service restarted everyday ? Just before you restart the service, you can use dbatools - Update-DbaServiceAccount to update the password for the sql server service account.
e.g. Below Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'
$SecurePassword = ConvertTo-SecureString 'Qwerty1234' -AsPlainText -Force
Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword
answered Feb 6 at 20:43
KinKin
53.7k481190
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
add a comment |
for security reasons we want to change the password that starts the sql server service everyday
Why is sql server service restarted everyday ? Just before you restart the service, you can use dbatools - Update-DbaServiceAccount to update the password for the sql server service account.
e.g. Below Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'
$SecurePassword = ConvertTo-SecureString 'Qwerty1234' -AsPlainText -Force
Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword
answered Feb 6 at 20:43
KinKin
53.7k481190
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
add a comment |
for security reasons we want to change the password that starts the sql server service everyday
Why is sql server service restarted everyday ? Just before you restart the service, you can use dbatools - Update-DbaServiceAccount to update the password for the sql server service account.
e.g. Below Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'
$SecurePassword = ConvertTo-SecureString 'Qwerty1234' -AsPlainText -Force
Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword
answered Feb 6 at 20:43
KinKin
53.7k481190
for security reasons we want to change the password that starts the sql server service everyday
Why is sql server service restarted everyday ? Just before you restart the service, you can use dbatools - Update-DbaServiceAccount to update the password for the sql server service account.
e.g. Below Changes the current service account's password of the service MSSQL$MYINSTANCE to 'Qwerty1234'
$SecurePassword = ConvertTo-SecureString 'Qwerty1234' -AsPlainText -Force
Update-DbaServiceAccount -ComputerName sql1 -ServiceName 'MSSQL$MYINSTANCE' -SecurePassword $SecurePassword
answered Feb 6 at 20:43
KinKin
53.7k481190
answered Feb 6 at 20:43
KinKin
53.7k481190
answered Feb 6 at 20:43
KinKin
53.7k481190
answered Feb 6 at 20:43
KinKin
53.7k481190
53.7k481190
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
add a comment |
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
Interesting I'll check this one
– Andres Arango
Feb 7 at 1:37
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f229082%2fchange-sql-server-service-account-without-restarting-sql-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
You might want to consider this Group Managed Service Accounts (gMSA) and SQL Server 2016
– SqlWorldWide
Feb 6 at 19:54
1
This sounds like a classic XY problem - add details to your question showing what security issue you are attempting to alleivate, why you want to change the password every day, and what you think that will buy you without restarting the instance.
– Max Vernon
Feb 6 at 21:03
To further the "XY Problem" comment, why are you using a service account with a password in the first place? Best practice is to use a virtual account (or NETWORK SERVICE if using Windows Server 2008). See docs.microsoft.com/en-us/sql/database-engine/configure-windows/…
– Greenstone Walker
Feb 6 at 22:44