Encrypted Packages

  • Hey I have an envrypted SSIS package that is using the EncryptSensitiveWithUserKey protection level setting...and it will not open...gives me lots of errors...I just downloaded the source from VSS but I still can't open it.

    How can I open this so I can make some changes?

    -chris

  • What are the errors that you get?

    Pradeep Adiga
    Blog: sqldbadiaries.com
    Twitter: @pradeepadiga

  • Error1Error loading ACCTG_ROLLUP_POSTER_2.dtsx: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available. c:\projects\outlooksoftpackages\osoft 2\osoft drill thru poster\ACCTG_ROLLUP_POSTER_2.dtsx11

  • This is because the ProtectionLevel property is set to EncryptSensitiveWithUserKey by default. Open the package as the user who created it/on the machine it was created and modify the ProtectionLevel property

    Pradeep Adiga
    Blog: sqldbadiaries.com
    Twitter: @pradeepadiga

  • Thanks..but he is no longer with the company and his machine has been wiped and is not available...can I open the package as XML in notepad and change that setting and then resave it?

  • Please check if DTUtil is of use.

    Pradeep Adiga
    Blog: sqldbadiaries.com
    Twitter: @pradeepadiga

  • chris.thornburg (8/18/2010)


    Thanks..but he is no longer with the company and his machine has been wiped and is not available...can I open the package as XML in notepad and change that setting and then resave it?

    His machine isn't necessarily important.. If this was a domain user AND that user still exists, then get it reactivated, change its password and log into YOUR machine as him. Then you can access the package correctly.

    I generally take to position that I NEVER save an sensitive information in a package so that this never happens. but thats me..

    CEWII

  • AWESOME!!!

    Okay I just spoke with our Admin and he will activate the user tomorrow morning and I can try it.

    Thank you.

  • Been there, done that..

    CEWII

  • Well I think the account have been deleted ...so do you think it will work to recreate the account?

  • That I don't know, it depends on what it used to do the encryption, if it just used something like domain\user then it will prbably work, if it used the SID then no, it won't. I don't think the details of exactly how it is encrypted are public.

    Sorry.

    CEWII

  • I've got a horrible feeling for you that the new user will not allow access. Otherwise the new postroom worker Chris Smith would be able to access the sensitive data in the SSIS package created by the developer of 5 years ago Chris Smith.

    I think your network guys should be shot for deleting the user rather than just disabling his account! Bye bye Audit trails!

  • This is my feeling as well. Although I think that the concern by Shark Energy is overstated. The new Chris Smith could potentially access to "sensitive" information provided he had access to the package. I know that almost everywhere else in windows that the SID is used to restrict access, therefore recreating the user does not recreate the access. But in this case it isn't so much access as decryption.. Since I have no solid details about how SSIS does this I can't take a position on what will happen here.. Sounds like I need to do an experiment..

    CEWII

Viewing 13 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic. Login to reply