how to retrieve a non sa password in SQL Server?

sql-server sql-server-2008 password-recovery
LaBracca picture LaBracca · Apr 28, 2011 · Viewed 64.9k times · Source

Is it possible to retrieve (if the user has sa rights) the password of a user in SQL Server 2008 R2?

The scenario is this: I need to automatically store in a document the list of all usernames and passwords, but without changing the password, just reading the actual password.

Is this possible or not?

Answer

gbn picture gbn · Apr 28, 2011

Yes you can for SQL logins.

You read the hashed passwords sys.sql_logins (maybe only via the DAC) and use a tool like NGS SQLCrack.

However, there is almost no requirement ever to keep these in a document.

For Windows based logins, no. The password is in AD.

And read this: "What are the arguments for and against a network policy where the sys admin knows users passwords?"

Related questions

How can I get column names from a table in SQL Server?

I want to query the name of all columns of a table. I found how to do this in: Oracle MySQL PostgreSQL But I also need to know: how can this be done in Microsoft SQL Server (2008 in my case)?

Read More
How to Delete using INNER JOIN with SQL Server?

I want to delete using INNER JOIN in SQL Server 2008. But I get this error: Msg 156, Level 15, State 1, Line 15 Incorrect syntax near the keyword 'INNER'. My code: DELETE FROM WorkRecord2 INNER JOIN Employee ON EmployeeRun=EmployeeNo WHERE Company = '1' …

Read More
How to check if a column exists in a SQL Server table?

I need to add a specific column if it does not exist. I have something like the following, but it always returns false: IF EXISTS(SELECT * FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'myTableName' AND COLUMN_NAME = 'myColumnName') How can …

Read More