Using SQL Privileged Account for RPC

Overview

This document describes how to change the passwords of SQL accounts using a privileged account. This allows you to take over accounts without knowing their current password.

Task 1: Creating an Account

  1. Open SQL Server Management Studio.
  2. Connect to your database server.
  3. Expand the root-level security folder.
  4. Right-click the Logins folder.
  5. Click New login.
  6. Name the account.
  7. Click SQL Authentication.
  8. Go to Secret Server.
  9. Create a secret using the SQL Server Account template. Give it the same username as the login name you are creating.
  10. For best security, click the Generate button on the secret password field.
  11. Copy the generated password to the account creation wizard in SQL Server Management Studio.
  12. Click OK.
  13. Save your secret.

Task 2: Assigning Permissions

  1. Right-click the SQL login and click Properties.
  2. Select Securables in the left column.
  3. Select Grant for Alter any login.
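
The account setup from Tasks 1 and 2 expressed in T-SQL, followed by audit queries that confirm the login holds nothing beyond what this procedure grants. This is an added example, not part of the original document; the login name svc_rpc_privileged and the password placeholder are assumptions.

```sql
-- Added example (not from the original document).
-- Assumptions: the login name svc_rpc_privileged is hypothetical, and the
-- password placeholder stands for the value generated in Secret Server.
USE master;
GO

-- Task 1: create the login with SQL authentication.
-- CHECK_POLICY = ON applies the Windows password policy to this login.
CREATE LOGIN [svc_rpc_privileged]
    WITH PASSWORD = N'<password-generated-in-Secret-Server>',
         CHECK_POLICY = ON;
GO

-- Task 2: grant the single server-level permission the procedure calls for.
GRANT ALTER ANY LOGIN TO [svc_rpc_privileged];
GO

-- Audit 1: every server-level permission granted or denied to the login.
-- The procedure only calls for ALTER ANY LOGIN, alongside the CONNECT SQL
-- permission that each new login receives; review anything else listed.
SELECT pr.name            AS login_name,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.server_principals  AS pr
JOIN sys.server_permissions AS pe
  ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = N'svc_rpc_privileged';

-- Audit 2: fixed or user-defined server roles the login belongs to.
-- This procedure adds the login to no server roles.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = m.member_principal_id
WHERE p.name = N'svc_rpc_privileged';

-- Audit 3: every principal on the server that can alter logins, so other
-- holders of the same password-reset capability are visible in one place.
SELECT pr.name, pr.type_desc, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = N'ALTER ANY LOGIN';
```

ALTER ANY LOGIN on its own does not permit resetting the password of a login that is a member of sysadmin or holds CONTROL SERVER; SQL Server requires CONTROL SERVER for that.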

Task 3: Using the Account

  1. In Secret Server, select the SQL account secret you are going to have represent your new privileged account.
  2. Select the Remote Password Changing tab and click Edit.
  3. Click the Change Password Using selection button and select Privilege Account Credentials.
  4. Click the No Selected Secret link.
  5. Find and select the secret created for the privileged account in the first task.
  6. Click the Save button.
  7. Click the Change password remotely button.
  8. Provide or generate a new password.
  9. Click the Change button. You have now successfully changed a SQL account password using a privileged account.

You can also assign the account for use by multiple secrets by creating a secret policy and applying that policy to a folder.