Re: service account expiring passwords

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 09/24/04 

Date: Thu, 23 Sep 2004 21:28:27 -0500

Below is a VBScript that uses WMI to change the password for the specified
account for all services on the specified servers. Personally, I assign a
strong password and set the policy to never expire.

Option Explicit
Dim ServerName, Messages

' *** specify Windows account and new password here ***
Const StartName = "MyDomain\MyAccount" 'Windows service account name
Const NewPassword = "MyPassword"

' *** call for each server
Call ChangeServerServicePasswords("MyServer1")
Call ChangeServerServicePasswords("MyServer2")

WScript.Echo Messages

Sub ChangeServerServicePasswords(ServerName)

    Dim SQL, oWin32_Services, oWin32_Service

    'select all services running under this account
    SQL = "SELECT * FROM Win32_Service WHERE StartName = '" & _
        Replace(StartName, "\", "\\") & "'"

    Set oWin32_Services = _
        GetObject("winmgmts:{impersonationLevel=impersonate}!//" & _
        ServerName & _
        "/root/cimv2").ExecQuery(SQL, , 48)

    For Each oWin32_Service In oWin32_Services
        Call ChangeServicePassword(oWin32_Service)
    Next

End Sub

Sub ChangeServicePassword(oWin32_Service)
    Dim intResult

    intResult = oWin32_Service.Change( , , , , , , , NewPassword)

    If intResult = 0 Then
        Messages = Messages & oWin32_Service.SystemName & _
        " " & _
        oWin32_Service.Caption & _
        " service account password changed for account " & _
        oWin32_Service.StartName & vbcrlf
    Else
        Messages = Messages & oWin32_Service.SystemName & _
        " " & _
        oWin32_Service.Caption & _
        " service account password change failed for account " & _
        oWin32_Service.StartName & _
        ". Win32_Service.Change result is " & _
        CStr(intResult) & vbcrlf
    End If

End Sub 

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"jason" <jason@discussions.microsoft.com> wrote in message 
news:CFFC65B4-3625-4E83-9470-741166CE67D8@microsoft.com...
>I want to using a windows AD account to run the sql server and agent 
>services
> that has an expiring password.  Issue is that when that passowrd expires 
> and
> then the servers is rebooted...the sql server service won't start.
>
> any ideas on how i can deal with this situation in a secure fashion, but
> without manual intervetion?

Relevant Pages

  • Re: Compromise?
    ... Yes, if you don't provide a password on your SA account, anybody able to run ... and connect now has complete control over your SQL Server. ... Server has. ...
    (microsoft.public.sqlserver.security)
  • Re: Windows Auth to SQL Server from ATL Web Service not working...
    ... account I'm logged on as. ... SQL on a different box from my web service in an Atl Server web ... impersonation token is not passed on to the SQL Server. ... Event Category: Account Logon ...
    (microsoft.public.vc.atl)
  • Re: Discussing 3 different strategies for deleting from multiple tables
    ... I will be using SQL Server but I am riding on top of a third party ... FYI, Account contains around 20K ... >>> This results in one parameterized query followed by two more trips to ...
    (microsoft.public.data.ado)
  • RE: connection problems in secondary site and SQL server
    ... Do you have a Windows 2003 server anywhere in your environment? ... i can't add this account to this group. ... SMS Management Point encountered an error when connecting to its Database ... SMS on SQL Server My_Primary_SMS_Server. ...
    (microsoft.public.sms.admin)
  • RE: MP Install issue
    ... Will setting the SPN on the domain account fix the communication issue ... >> MPDB ERROR - CONNECTION PARAMETERS ... >> with a trusted SQL Server connection. ...
    (microsoft.public.sms.setup)