Today is once again TSQL Tuesday. This month the event and topic are being hosted by Sebastian Meine (blog | twitter). You can read all about the topic this month on his blog inviting all to participate.
Despite Sebastian being a real cool kid, I was not too hip to the topic this month. Not because it is a bad topic or anything, it’s just that I really had nothing that seemed to stand out as easy to write for the blog party.
Then all of a sudden, a nice fat, juicy pork chop landed right in my lap.
The Pork Chop
A client requested that I make some changes to a task on a development server for them. As it happens, the task is a powershell script that was being run on a schedule via a Scheduled Task in the Windows “Scheduled Tasks” control panel. Making the requested change is a no-brainer of a change – or it should have been.
The change was to change the owner/executor of the scheduled task to the service account for the SQL Service. By doing that, they would be less likely for the job to fail in the future due to an employee leaving the company.
As luck would have it the client DBA happened to know the password for the service account. When changing the task to use the service account with the supplied password, we soon discovered that the supplied password caused the service account to become locked. OUCH!
Maybe it was just fat fingered? Nope, no dice! As it turns out the DBA had the incorrect password and did not know the correct password. Worse, nobody else knew what the correct password was. Due to this issue, I proposed that the sysadmins and I work together to get the password changed. That is to be done at a future date.
In addition to this, we decided that the passwords need to be more accurately documented. These should be stored in an encrypted vault (the application is your choice). But the mere use of an encrypted vault is far better than the use of a sticky note to document passwords (and I have seen that far too often at client sites).
This is just a short and sweet post for the day. I think that it demonstrates problems that can arise from bad password management and also the risks that could come from that password management. In our case, it was at least a Dev server with minimal users.