Skip to main content

Find NULL Passwords with PowerShell/T-SQL


DBAs: Here's a small script that will find SQL Logins with NULL passwords on multiple servers.
 
1:  foreach ($svr in get-content "C:\Input\ProdInstances.txt" | where {$_ -notmatch "^#"})
2:  {    
3:      $svr
4:      $ExFile = 'C:\Audit\NULL_SQL_Passwords_' + $svr.Replace('\','_') + '.csv'
5:        $con = "server=$svr;database=master;Integrated Security=sspi" 
6:        $cmd = "SELECT @@SERVERNAME AS Server, name, loginname, dbname, password, accdate FROM master..syslogins WHERE password IS NULL AND isntgroup = 0 AND isntname = 0 AND loginname NOT LIKE '##%'"
7:        $da = new-object System.Data.SqlClient.SqlDataAdapter ($cmd, $con)
8:        $dt = new-object System.Data.DataTable
9:        trap {"Oops! $_"; continue } $da.fill($dt) | out-null
10:        if ($dt.Rows.Count -gt 0) { $dt | SELECT  Server, Name, Loginname, DBname, Password, Accdate | export-csv -noTypeInformation  $ExFile }
11:  }




Put a list of servers in a text file like so:

Server1
Server2
#Server3
Server4
...

I called mine ProdInstances.txt and put it in the folder C:\Input.

If you need to skip a server in the list, put a # at the beginning of that line and the where clause in line 1 will cause that line to be skipped.  This is helpful when you are testing.

Line 1:  ForEach loop begins and reads the file C:\Input\ProdInstances.txt to get the list of servers.

Line 2:  Opening ForEach brace

Line 3:  Displays contents of $svr variable to console.  I use this as a progress indicator.

Line 4:  Setup csv output file to contain results.

Line 5:  Setup connection to the database server.

Line 6:  Set SQL command to be executed.

SELECT @@SERVERNAME AS Server, name, loginname, dbname, password, accdate 
FROM master..syslogins 
WHERE password IS NULL 
AND isntgroup = 0 
AND isntname = 0 AND loginname NOT LIKE '##%' 

Line 7:  Setup SQLDataAdapter.

Line 8:  Setup DataTable to hold results of SQL query

Line 9:  Execute the query and load the DataTable.  Trap statement checks for errors.

Line 10: If the result set contains any rows, write the result set to the csv file.

Line 11: Closing ForEach brace

Comments

Popular posts from this blog

Modifying Endpoint URLs on Availability Group Replicas

I recently had to modify the Endpoint URLs on our SQL Server Availability Group replicas.  The reason for this blog post is that I could not answer the following questions: Do I need to suspend data movement prior to making this change?  Would this change require a restart of the database instance? I spent enough time searching on my own to no avail that I tossed the question to the #sqlhelp hashtag on Twitter and Slack but didn't get an answer prior to executing the change request. After reading the relevant documentation, I think it's probably a good idea to suspend data movement for this change. The T-SQL is straightforward.  USE MASTER GO ALTER AVAILABILITY GROUP [AG1]  MODIFY REPLICA ON 'SQL2012-1' WITH (ENDPOINT_URL = 'TCP://10.10.10.1:5022'); ALTER AVAILABILITY GROUP [AG1]  MODIFY REPLICA ON 'SQL2012-2' WITH (ENDPOINT_URL = 'TCP://10.10.10.2:5022'); ALTER AVAILABILITY GROUP [AG2]  MODIFY REPLICA ON 'SQL2012-1

Set Azure App Service Platform Configuration to 64 bit.

If you need to update several Azure App Services' Configuration to change the Platform setting from 32 bit to 64 bit under Configuration | General settings, this script will save you about six clicks per service and you won't forget to press the SAVE button. Ask me I know. 🙄 Login-AzureRmAccount Set-AzureRmContext  -SubscriptionName  "Your Subscription" $ResourceGroupName  =  'RG1' ,  'RG2', 'RG3' foreach  ( $g   in   $ResourceGroupName ) {       # Set PROD slot to use 64 bit Platform Setting      Get-AzureRmWebApp  -ResourceGroupName  $g  | Select Name |  %  {  Set-AzureRmWebApp  -ResourceGroupName  $g  -Name  $_ .Name  -Use32BitWorkerProcess  $false  }       # Set staging slot to use 64 bit Platform setting      Get-AzureRmWebApp  -ResourceGroupName  $g  | Select Name |  %  {  Set-AzureRmWebAppSlot  -ResourceGroupName  $g  -Name  $_ .Name  -Slot  "staging"  -Use32BitWorkerProcess  $false  }  }

Convincing DBAs to Learn PowerShell

Currently, I am the sole DBA at my employer to dive deep into Microsoft Windows PowerShell. It has become my most important tool for discovering the state of our database server inventory as we work towards our standardization goals. It is also the main tool I use to answer questions about the inventory that require querying multiple servers. As I have learned how to use PowerShell, I have shared scripts and one-liners with my co-workers for the past year or more in an effort to convince them it is worthwhile to learn. I've written a couple of articles at Simple Talk describing some of my scripting experience. I've shared links to blog posts, articles, and tips on how to use PowerShell. It got me thinking about what is the best way to get someone started with PowerShell. In my efforts to learn PowerShell, I was always looking for examples. In my opinion, this is the best way to start after some initial readings on the PowerShell basics. So, my latest recommendat