locked
Passwords of certain built-in sql server users RRS feed

  • Question

  • Hello,

    I am referring to the following users. One of the security scanning program has listed the password for these accounts as having passed the due date (passed certain number of days set in the scanning software) for some of the SQL2k12 servers. Some of these sql servers do have SSIS, SSAS and SSRS services running as well.

    ##MS_SSISServerCleanupJobLogin##

    ##MS_PolicyEventProcessingLogin##

    ##MS_dqs_db_owner_login##

    ##MS_dqs_service_login##

    Question is whether it is OK to change the password for these users and if so, what will be the impact on the respective services?

    Will greatly appreciate your early, clear response.

    Thanks.

    Victor


    Victor

    Friday, August 10, 2018 12:07 AM

Answers

  • Thanks to all those who responded. Glad that there is a consensus on this. Will deal with accordingly.

    Thanks again!

    Victor


    Victor

    • Marked as answer by vr123 Friday, August 10, 2018 5:43 PM
    Friday, August 10, 2018 5:43 PM

All replies

  • MS_SSISServerCleanupJobLogin is created by SQL Server to run SSIS Maintenance Plan, This login is only for internal use by SSIS , I would not change the pass for all those logins ##MS_dqs_db_owner_login## ##MS_dqs_service_login## Those above related to Data Quality Services. Are you using that service ?

    Best Regards,Uri Dimant SQL Server MVP, http://sqlblog.com/blogs/uri_dimant/

    MS SQL optimization: MS SQL Development and Optimization
    MS SQL Consulting: Large scale of database and data cleansing
    Remote DBA Services: Improves MS SQL Database Performance
    SQL Server Integration Services: Business Intelligence

    Friday, August 10, 2018 4:39 AM
  • Hi Victor,

     

    >>Question is whether it is OK to change the password for these users and if so, what will be the impact on the respective services?

     

    These login with names enclosed by double hash marks (##) are for internal system use only. These principals are created from certificates and do not have passwords that can be changed by administrators as they are based on certificates issued to Microsoft.

     

    Besides, we are not specific about the password list of these accounts which is got via security scanning program, if it is convenient, could you please tell us more information about the program.

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com



    Friday, August 10, 2018 8:08 AM
  • Hello,

    I am referring to the following users. One of the security scanning program has listed the password for these accounts as having passed the due date (passed certain number of days set in the scanning software) for some of the SQL2k12 servers. Some of these sql servers do have SSIS, SSAS and SSRS services running as well.

    I would leave them alone. I am afraid that something might break if you change them. Like others have said, they're internal to SQL Server and are certificate-based logins and are created when SQL is installed. 

    You can justify by giving the reason that they're not human users and try skipping them on the scan tool.


    Please remember to click "Mark as Answer" if my response answered your question or click "Vote as helpful" if it helped you in any way.

    Friday, August 10, 2018 5:15 PM
  • Your scanner needs to exclude ## login names.  Those are internal users and are internally managed by the SQL Server service and have extremely limited access to do required tasks.


    Friday, August 10, 2018 5:36 PM
  • Thanks to all those who responded. Glad that there is a consensus on this. Will deal with accordingly.

    Thanks again!

    Victor


    Victor

    • Marked as answer by vr123 Friday, August 10, 2018 5:43 PM
    Friday, August 10, 2018 5:43 PM
  • Thanks to all those who responded. Glad that there is a consensus on this. Will deal with accordingly.

    Thanks again!

    Victor


    Victor

    Glad the responses helped. btw, I see that you marked your own response as the answer and not the ones that actually helped.

    Please remember to click "Mark as Answer" if my response answered your question or click "Vote as helpful" if it helped you in any way.

    Friday, August 10, 2018 5:48 PM