March 4, 2019 at 2:41 am
hi
we're going through a password change policy - to make things more complex. Only 200 to change.
SQL service accounts - easy to change the password through Config manager - no restart of service etc (except on cluster)
SSRS - easy to change the password through reporting config manager - make sure you have a encryption key back up just in case
SSIS - how do you do it? There's the SSIS encryption key - I can change the password through config manager, but do I need to change the master key with
USE [SSISDB];GOOPEN MASTER KEY DECRYPTION BY PASSWORD = N'[old_password]'; ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = N'[new_password]';GO |
or does it matter? Do I need to change the master key at all? Is it more like SQL Service, than SSRS
And SSAS - is that just a case similar to SQL itself, rather than SSRS?
Can't find anything on line on the latter two...
many thanks
March 4, 2019 at 3:31 am
your best option is not to use passwords at all.
change all your accounts to be MSA/GMSA accounts - GMSA more versatile as they can be used in more than one host.
SSAS service is the same as any other SQL Service
as for SSISDB master key - once set I tend to forget about it - assumption here is that all the items required to recreate SSISDB are available on Source Control - should you have to drop and recreate SSISDB only execution history would be lost.
Should you consider that you may need to restore it instead of recreating, then just keep the master key password safely stored somewhere where only authorized individuals can access after going through an approval process.
March 4, 2019 at 3:46 am
Thanks
unfortunately, we are where we are, and we need to change the existing password
Will changing the SSIS password lead to encryption errors? Does anyone know? Or is it like SSAS/SQL?
March 4, 2019 at 6:29 am
peter.cox - Monday, March 4, 2019 3:46 AMThanksunfortunately, we are where we are, and we need to change the existing password
Will changing the SSIS password lead to encryption errors? Does anyone know? Or is it like SSAS/SQL?
Given that you can completely disable the SSIS service and almost everything will continue to work, I cannot imagine any issues at all. But why not run a test to reassure yourself?
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
March 4, 2019 at 6:38 am
I would - but I'm slightly wary of preceding if there is a known issue....I'm always wary of Microsoft's encryption on SSRS, and I just cannot find anything on this one at all!
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply