SQL Server Local Account Passwords

Check Description

This check identifies any blank or simple passwords for each local Microsoft® SQL Server™ account on the computer.

Microsoft Windows® Server 2003, Windows XP, Windows 2000, and Windows NT® operating systems all require user authentication through passwords. In general, users are permitted to choose their own passwords. The security of their account depends on the choice of the password. This check enumerates all user accounts and checks for the following password conditions:

• Password is blank.
• Password is the same as the user account name.
• Password is the same as the machine name.
• Password uses the word "password."
• Password uses the word "sa."
• Password uses the word "admin" or "administrator."

This check also notifies you of any accounts that have been disabled or are currently locked out.

Note

• Microsoft Baseline Security Analyzer does not attempt to crack passwords during this check, and instead attempts a password change request using each condition in the preceding list. Account lockout policy counts will be reset if in effect on the scanned machine.

Additional Information

Implementing Guidelines for Strong Passwords

Assigning an sa Password

©2002-2004 Microsoft Corporation. All rights reserved.