Creating and Using a SQL Server Privileged Account
Overview
This document enables a user to password change SQL accounts using a privileged account. Enabling the takeover of those accounts without knowing their password.
Procedure
Task 1: Creating an Account
-
Open SQL Server Management Studio and connect to your database server.
-
Expand the root level security folder.
-
Right click on the Logins folder and select New Login.
-
Type the account's login name in the Login Name text box.
-
Click to select the SQL Authentication selection button.
-
Go to Secret Server.
-
Create a secret using the SQL Server Account template.
-
Give it the same username as the login name you just created.
-
For best security, click the Generate button on the secret password field and copy that password to the account creation wizard in SQL Server Management Studio.
-
Click OK button to save your secret.
Task 2: Assigning Permissions
-
Return to SQL Server Management Studio and connect to your database server.
-
Right click the SQL login and click Properties.
-
Select Securables in the left column.
-
In the Permissions table on the Explicit tab, click to select the Grant check box for the Alter any login row.
-
Click the OK button.
Step 3: Using the Account
-
In Secret Server, select the SQL account secret for your new privileged account.
-
Select the Remote Password Changing tab.
-
Click the Edit button.
-
Click to select Privileged Account Credentials on the Change Password Using selection button.
-
Click the No Selected Secret link. The Select a Secret popup appears.
-
Locate and select the secret you created earlier in the folder tree.
-
Click the Save button. The popup disappears.
-
Click the Change Password Remotely button.
-
Provide or generate a new password.
-
Click the Change button. You have now successfully changed a SQL account password using a privileged account.
