April 5, 2016 at 8:33 am
jasona.work (4/4/2016)
Ugh...We're required to change the passwords on our various service accounts on a regular basis...
I've got 46 and counting so far to work on...
Plus migrating to new servers, plus an off-site class for a week, plus a few days off later this month, plus every other week I get Fridays off, plus some additional in-office classes...
Add on top of that making sure there's time to make sure nothing breaks when some of the accounts get changed because they're the proxies for SSIS packages and such...
That's partly why on the new servers, I'm going to set them up with the Virtual Accounts (our domain isn't, and won't be, set up for Managed Service Accounts, dang it,) and where-needed switch to domain service accounts...
Thank you, this has been a test of the DBA Whine System...
Same pwd or different? Either way, we used to script this, with the seed of a random sentence, and then add some characters for each account. We'd then get a list back, paste that in the password manager, and move on.
April 5, 2016 at 9:43 am
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.
The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin
April 5, 2016 at 9:54 am
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.
I had the thought recently of putting Gail up for sainthood as I have been reading a thread that she has been overly patient with the person. Man I wish I had teachers like her, I might have actually learned something. 🙂
April 5, 2016 at 10:07 am
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.
I don't know whether it's more funny or sad. I'm leaning toward sad. I'm so tempted to suggest that he contact his DBA. 😉
April 5, 2016 at 10:13 am
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.
Oh god...
"The delete works sometimes"
... Surely, please, tell me this person is not being paid.
LIE TO ME!
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
April 5, 2016 at 10:28 am
Grant Fritchey (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.Oh god...
"The delete works sometimes"
... Surely, please, tell me this person is not being paid.
LIE TO ME!
Sorry, nope, can't do that...
As soon as I looked and saw who started that, I knew it was going to be a long downhill slide...
Now to go read it, just to see how off-the-rails it is...
April 5, 2016 at 10:35 am
Steve Jones - SSC Editor (4/5/2016)
jasona.work (4/4/2016)
Ugh...We're required to change the passwords on our various service accounts on a regular basis...
I've got 46 and counting so far to work on...
Plus migrating to new servers, plus an off-site class for a week, plus a few days off later this month, plus every other week I get Fridays off, plus some additional in-office classes...
Add on top of that making sure there's time to make sure nothing breaks when some of the accounts get changed because they're the proxies for SSIS packages and such...
That's partly why on the new servers, I'm going to set them up with the Virtual Accounts (our domain isn't, and won't be, set up for Managed Service Accounts, dang it,) and where-needed switch to domain service accounts...
Thank you, this has been a test of the DBA Whine System...
Same pwd or different? Either way, we used to script this, with the seed of a random sentence, and then add some characters for each account. We'd then get a list back, paste that in the password manager, and move on.
Every account requires a "different" password...
Of course, the last time we went through this, the folks in the network center created the passwords, something like this (NOT the actual passwords used!):
P@ssW0rD_001!@#$
P@ssW0rD_002!@#$
P@ssW0rD_003!@#$
etc...
I've already broken the list up into digestible chunks that are small enough to change in a couple hours, and big enough to get done in a couple weeks (allowing for various and sundry short work weeks, weeks when I won't be in the office, etc.)
At the suggestion of one of the guys in the back, I'll whip up a list for them to work from, including new passwords to use.
April 5, 2016 at 10:35 am
Steve Jones - SSC Editor (4/5/2016)
jasona.work (4/4/2016)
Ugh...We're required to change the passwords on our various service accounts on a regular basis...
I've got 46 and counting so far to work on...
Plus migrating to new servers, plus an off-site class for a week, plus a few days off later this month, plus every other week I get Fridays off, plus some additional in-office classes...
Add on top of that making sure there's time to make sure nothing breaks when some of the accounts get changed because they're the proxies for SSIS packages and such...
That's partly why on the new servers, I'm going to set them up with the Virtual Accounts (our domain isn't, and won't be, set up for Managed Service Accounts, dang it,) and where-needed switch to domain service accounts...
Thank you, this has been a test of the DBA Whine System...
Same pwd or different? Either way, we used to script this, with the seed of a random sentence, and then add some characters for each account. We'd then get a list back, paste that in the password manager, and move on.
So how big of a gap do you see using AD accounts locked to what they need with non- expiring passwords?
These accounts are not able to change the password, and any failures are logged and reviewed.
This was for our DW, which had just Sales and Production numbers, no Salary, SSN, CC info, etc.
I'd think that in some environments, there can be more risk to the business with the churn of changing if you are doing some other audits and the account can still get locked out.
Password managers - in some respects - can be a honeypot.
As well as any account allowed to impersonate.
Thoughts?
April 5, 2016 at 10:35 am
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.
I constantly avoid that person's threads. It doesn't matter if it seems like a simple problem, the lack of common sense is great on this one.
April 5, 2016 at 10:40 am
Luis Cazares (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.I constantly avoid that person's threads. It doesn't matter if it seems like a simple problem, the lack of common sense is great on this one.
I am right there with you Luis. I refuse to even comment on one their threads. The level of sheer incompetence, unwillingness to attempt to think or learn, and the overall level of anger that we can't read their mind is beyond reproach. There are plenty of other people out there who actually need help because they are trying to figure it out and are willing to work at it.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
April 5, 2016 at 10:41 am
Sean Lange (4/5/2016)
Luis Cazares (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.I constantly avoid that person's threads. It doesn't matter if it seems like a simple problem, the lack of common sense is great on this one.
I am right there with you Luis. I refuse to even comment on one their threads. The level of sheer incompetence, unwillingness to attempt to think or learn, and the overall level of anger that we can't read their mind is beyond reproach. There are plenty of other people out there who actually need help because they are trying to figure it out and are willing to work at it.
Ditto
😎
April 5, 2016 at 10:42 am
Luis Cazares (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.I constantly avoid that person's threads. It doesn't matter if it seems like a simple problem, the lack of common sense is great on this one.
Usually, so do I. But this time ... it all seemed so simple. Will I ever learn?
The absence of evidence is not evidence of absence
- Martin Rees
The absence of consumable DDL, sample data and desired results is, however, evidence of the absence of my response
- Phil Parkin
April 5, 2016 at 10:57 am
Phil Parkin (4/5/2016)
Luis Cazares (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.I constantly avoid that person's threads. It doesn't matter if it seems like a simple problem, the lack of common sense is great on this one.
Usually, so do I. But this time ... it all seemed so simple. Will I ever learn?
Read error message, repeat same process. Repeat question.
It can be simple. Or is that simply predictable in some cases?
Fingers have a nail on them, which must be why they are easy to hit with a hammer.
Common sense, right?
April 5, 2016 at 11:05 am
Grant Fritchey (4/5/2016)
Phil Parkin (4/5/2016)
Gail and I are gamely persevering with this one. I think my pressure limit has been reached now, though.Oh god...
"The delete works sometimes"
... Surely, please, tell me this person is not being paid.
LIE TO ME!
This person is working in a volunteer position that does not pay.
This person is a guest lecturer at <insert name here> University and is doing it out of the free will and loving care of her heart.
This person works for a psychological study for which he is not being paid. The study is purely volunteer effort and studies the effects of millenials interacting with people who believe in working hard for their earnings. (Don't you guys really feel goated now?)
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
April 5, 2016 at 11:09 am
jasona.work (4/5/2016)
Steve Jones - SSC Editor (4/5/2016)
jasona.work (4/4/2016)
Ugh...We're required to change the passwords on our various service accounts on a regular basis...
I've got 46 and counting so far to work on...
Plus migrating to new servers, plus an off-site class for a week, plus a few days off later this month, plus every other week I get Fridays off, plus some additional in-office classes...
Add on top of that making sure there's time to make sure nothing breaks when some of the accounts get changed because they're the proxies for SSIS packages and such...
That's partly why on the new servers, I'm going to set them up with the Virtual Accounts (our domain isn't, and won't be, set up for Managed Service Accounts, dang it,) and where-needed switch to domain service accounts...
Thank you, this has been a test of the DBA Whine System...
Same pwd or different? Either way, we used to script this, with the seed of a random sentence, and then add some characters for each account. We'd then get a list back, paste that in the password manager, and move on.
Every account requires a "different" password...
Of course, the last time we went through this, the folks in the network center created the passwords, something like this (NOT the actual passwords used!):
P@ssW0rD_001!@#$
P@ssW0rD_002!@#$
P@ssW0rD_003!@#$
etc...
I've already broken the list up into digestible chunks that are small enough to change in a couple hours, and big enough to get done in a couple weeks (allowing for various and sundry short work weeks, weeks when I won't be in the office, etc.)
At the suggestion of one of the guys in the back, I'll whip up a list for them to work from, including new passwords to use.
I our case, the network people would only create the account.
And no spreadsheets / lists were ever passed around, especially with consecutive combinations.
Each account had a random and unique combination.
Viewing 15 posts - 53,371 through 53,385 (of 66,712 total)
You must be logged in to reply to this topic. Login to reply