SQL Server Local Account Passwords

Check Description

This check identifies any blank or simple passwords for each local SQL account on the computer.

Windows XP, Windows 2000, and Windows NT operating systems all require user authentication through passwords. In general users are permitted to choose their own passwords. The security of their account depends on the choice of the password. This check enumerates all user accounts and checks for the following password conditions:

  • Password is blank
  • Password is the same as the user account name
  • Password is the same as the machine name
  • Password uses the word "password"
  • Password uses the word "sa"
  • Password uses the word "admin" or "administrator"

    This check also notifies you of any accounts that have been disabled, or are currently locked out.

    • NOTE:  MBSA does not attempt to crack passwords during this check, and instead attempts a password change request using each condition in the bulleted list above. Account lockout policy counts will be reset if in effect on the scanned machine.

    Additional Information

    Implementing Guidelines for Strong Passwords

    Assigning an sa Password

    ⌐ 2002 Microsoft Corporation. All rights reserved.