
SQL password hardening through GPO


manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Fri Mar 29, 2013 12:39 am

SQL password hardening through GPO

Hi,
In my environment of 20000+ systems, nearly 5000 systems have SQL Server installed.
My challenge is that most of the system users are misconfiguring SQL with weak passwords for SA and also for any database instances.
Looking for centrally managed solutions, either by GPO ..
Any suggestions?

Thanks in advance

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Apr 02, 2013 9:13 pm

Re: SQL password hardening through GPO

Sounds like a lack of security policy to me more than a problem with controlling the configurations.  If you want to fire fight you can sit there and think of ways to configure the systems properly.  If you need to be compliant with some sort of PCI/HIPAA/SOX etc...  then you can leverage those to get policies written that enforce the proper configurations of systems whether they be Oracle/MSSQL/Postgres or whatever flavor of database platform you want to allow users to use.  Once you have the policy and buy-in from management, then I would work on the clean-up.  This way you ensure any new instances that get stood up are properly configured.  Now is this 20000+ Servers?  Or total systems including workstations? 

This is a bit old, but it may help: http://blogs.msdn.com/b/sqlsecurity/arc ... ogins.aspx

You also may need to hunt down some SQL GPO templates.  Good luck!
Certs: GCWN
(@)Dewser

manju_salian

Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Tue Apr 09, 2013 6:20 am

Re: SQL password hardening through GPO

Mostly these are client machines...
I got to know that configuring SQL authentication to Windows authentication may help to tackle the password issue.
I tried configuring the registry via a batch file, and assigned a scheduled task executing every hour through GPO, which is failing.
Currently troubleshooting the same.
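
Added example, not part of the original post and not the poster's batch file: a PowerShell script that reports the authentication mode of every local SQL Server instance and, with the hypothetical `-Enforce` switch, sets it to Windows Authentication only. The registry locations are the standard SQL Server ones, not paths given in this thread, and the script assumes an elevated 64-bit PowerShell host.

```powershell
# Added example: audit (and optionally enforce) Windows-only authentication.
# LoginMode 1 = Windows Authentication only, 2 = mixed mode (SQL logins such as sa).
# -Enforce is a hypothetical switch name chosen for this example.
param([switch]$Enforce)

$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$map  = "$root\Instance Names\SQL"      # value name = instance name, data = instance ID

if (-not (Test-Path $map)) {
    Write-Output "$env:COMPUTERNAME: no SQL Server database engine instances found"
    return
}

$key = Get-Item -Path $map
foreach ($name in $key.GetValueNames()) {
    $id      = $key.GetValue($name)
    $cfgPath = "$root\$id\MSSQLServer"
    if (-not (Test-Path $cfgPath)) { continue }   # stale instance entry, nothing to read

    $mode = (Get-ItemProperty -Path $cfgPath -Name LoginMode `
                -ErrorAction SilentlyContinue).LoginMode
    $changed = $false

    if ($Enforce -and $mode -ne 1) {
        # Needs administrator rights; takes effect only after the
        # SQL Server service for this instance is restarted.
        Set-ItemProperty -Path $cfgPath -Name LoginMode -Value 1 -Type DWord
        $changed = $true
    }

    # One object per instance so the output can be piped to Export-Csv
    # and collected centrally for reporting.
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Instance   = $name
        InstanceId = $id
        LoginMode  = $mode
        MixedMode  = ($mode -eq 2)
        Changed    = $changed
    }
}
```

Run without `-Enforce` first to inventory which instances are in mixed mode; applications that connect with SQL logins will stop authenticating once an instance is switched and restarted.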

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Apr 09, 2013 7:29 pm

Re: SQL password hardening through GPO

Ok, well 20K is probably a good size enterprise.  Why so much SQL?  Is there a business need?  Seems a bit excessive.  Only normal reasoning I could see is if you installed Business Contact Manager for Office or you are a major dev shop. 
Certs: GCWN
(@)Dewser
