Using an SQL Privileged Account for RPC

This procedure enables you to password change SQL accounts using a privileged account. This allows you to take over accounts without knowing their password.

Task 1: Creating an Account

1. Open the SQL Server Management Studio.
2. Connect to your database server.
3. Expand the root-level security folder.
4. Right click the Logins folder.
5. Click New login.
6. Name the account.
7. Click SQL Authentication.
8. Go to Secret Server.
9. Create a secret using the SQL Server Account template. Give it the same username as the "New Login" you are trying to create in the SQL Server Management Studio.
10. Click the Generate button on the secret password field enhanced security.
11. Copy the generated password to the account creation wizard in the SQL Server Management Studio.
12. Click Create Secret to save your secret.

Task 2: Assigning Permissions

1. Return to the SQL Server Management Studio and connect to your database server.

2. Right-click on the SQL login you created in task 1 and click Properties.
3. Select Securables in the left column.
4. Select Grant for Alter any login.

Task 3: Using the Account

1. In Secret Server, select the SQL account secret you are going to have represent your new privileged account.
2. Select the Remote Password Changing tab.
3. Click Edit in the RPC / AutoChange section.
4. Change from the Change Password Using default selection to Privilege Account Credentials option.
5. Click the No Selected Secret link that appears.
6. Find and select the secret created for the privileged account in the first task.
7. Click the Save button.
8. Click the Change password now button.
9. In the Next Password dropdown select either Manual or Randomly generated.
   1. If you selected Manual, provide a new password and click Change Password.
   2. If you selected Randomly generated, the default option, just click the Change Password button.
10. You have now successfully changed a SQL account password using a privileged account.