Login or Sign Up to become a member!
LessThanDot Site Logo

LessThanDot

A Technical Community for IT Professionals

Less Than Dot is a community of passionate IT professionals and enthusiasts dedicated to sharing technical knowledge, experience, and assistance. Inside you will find reference materials, interesting technical discussions, and expert tips and commentary. Once you register for an account you will have immediate access to the forums and all past articles and commentaries.

LTD Social Sitings

Lessthandot twitter Lessthandot Linkedin Lessthandot facebook Lessthandot rss

Note: Watch for social icons on posts by your favorite authors to follow their postings on these and other social sites.

Highly Rated Users

Forum
No Posts Rated

Top 50
Given
Received

Links

Wiki
Blog

Forum Statistics

Users
Members:
1879
Members Online:
1
Guests Online:
61

Total Post History
Posts:
81448
Topics:
18714

7-Day Post History
New Posts:
0
New Topics:
0
Active Topics:
0

Our newest member
mwojcik

Other

FAQ
All times are UTC [ DST ]

Google Ads

User Mapping

Microsoft SQL Server
Please wait...

User Mapping

Postby billhealy on Wed Dec 26, 2012 4:58 pm

New administrator here. I have an application which has an admin SQL account that handles a bunch of automated tasks for the application. From time to time the users have to login with this account and do some maintenance. The things they need to do can ONLY be done with this special admin account.

The users have lost the password for this admin account. If I change reset the password I will "break" many of the functions of this application and they will be forced to reinstall the app.

Is it better for me to try to crack the password with one of the brute force crackers out there or is there a way for me to map one of the windows login users to this admin SQL user account so that they can login as themselves and be able to do what they need to do? Or perhaps there's another option I'm not aware of.

Thanks in advance for any help.
billhealy
Newbie
Newbie
 
Posts: 2
Joined: Wed Dec 26, 2012 4:49 pm
Unrated

Re: User Mapping

Postby onpnt on Wed Dec 26, 2012 5:56 pm

I'd recommend changing the password. You can "map" an account but I don't see what that will gain. If the account is sql authentication and that is what they use, change the password on SQL Server, have them login with the new password and then figure out where they can place the new password so it takes affect for the automated tasks you say it will break.

If the application doesn't allow this, you need to call the vendor because that is jacked up :) What application is it?

In no way would I "crack" anything and in all my years of experience and something like this happening there would be no way I would allow something like to occur on an instance I was in charge of.
Tarwn: Yeah yeah, all you do is SELECT * all day long and say "no" to people...Life of a DBA
User avatar
onpnt
LTD Admin
LTD Admin
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
 
Posts: 1608
Joined: Tue Oct 09, 2007 5:23 pm
Location: Kenosha, WI

Re: User Mapping

Postby billhealy on Wed Dec 26, 2012 6:02 pm

The application is an ArcGIS application and the user is a system user that is created before installation and used/specified during the installation. I agree that there should be some way to change this password in the application so that I could just reset it, but the "experts" here with the application seem to think that's not an option.

So if I have a SQL login called sde, with all of the rights and permissions needed to do the specific application tasks/services, and I have a windows login called domain/winuser, is there not a way for me to map that windows login to the SQL login so that when domain/winuser logs in he can act as if he were sde?
billhealy
Newbie
Newbie
 
Posts: 2
Joined: Wed Dec 26, 2012 4:49 pm
Unrated

Re: User Mapping

Postby SQLDenis on Wed Dec 26, 2012 6:05 pm

Look at the app config files, most likely it is stored in cleartext. Otherwise contact the vendor and ask what the password is. Another option would be trying to sniff the password that is sent to sql server over the connection
User avatar
SQLDenis
LTD Admin
LTD Admin
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
 
Posts: 21784
Joined: Wed Oct 10, 2007 6:43 pm
Location: Princeton, New Jersey, USA,World, Solar System, Milky Way, Universe and Beyond
Unrated

Re: User Mapping

Postby SQLDenis on Wed Dec 26, 2012 6:07 pm

Can't you create a new account with the same privileges and then have them use that only for maintenance?
User avatar
SQLDenis
LTD Admin
LTD Admin
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
LTD Gold - Rating: 3467LTD Gold - Rating: 3467LTD Gold - Rating: 3467
 
Posts: 21784
Joined: Wed Oct 10, 2007 6:43 pm
Location: Princeton, New Jersey, USA,World, Solar System, Milky Way, Universe and Beyond
Unrated

Re: User Mapping

Postby onpnt on Wed Dec 26, 2012 6:09 pm

Not the way you are kind of magically thinking it would work. Even if you could impersonate, you'd need to add the password for the account at mapping time. If you had that, you wouldn't be in this. If you could map that easily, SQL Server wouldn't be all that secure.
Tarwn: Yeah yeah, all you do is SELECT * all day long and say "no" to people...Life of a DBA
User avatar
onpnt
LTD Admin
LTD Admin
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
 
Posts: 1608
Joined: Tue Oct 09, 2007 5:23 pm
Location: Kenosha, WI
Unrated

Re: User Mapping

Postby onpnt on Wed Dec 26, 2012 6:10 pm

There is an entire section on recovering passwords
http://webhelp.esri.com/arcgisserver/9. ... _users.htm

Business users are not technical experts typically. they simply know how to use an application. Unless the individuals you mentioned are IT business analysts or such. Either way, I'd go through the doc in that link if not already attemtped
Tarwn: Yeah yeah, all you do is SELECT * all day long and say "no" to people...Life of a DBA
User avatar
onpnt
LTD Admin
LTD Admin
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623LTD Silver - Rating: 623
 
Posts: 1608
Joined: Tue Oct 09, 2007 5:23 pm
Location: Kenosha, WI
Unrated