Article ID: 263968 - View products that this article applies to.
This article was previously published under Q263968
If you use SQL Server Authentication, also known as Standard Security, to install the products listed in the "Applies to" section, the system administrator (sa) password may be stored in clear text, or in an encrypted readable format in the SQL Server Setup files.
Also, if you configure SQL Server Services by using a domain account, the domain account password may be written to the Setup.iss file in a weakly encrypted format.
Note Microsoft SQL Server 2000 Service Pack 3 (SP3) or later versions use encryption on the included passwords in these files. This encryption helps improve security. However, we still recommend that you remove the encrypted passwords or the installation files that contain the passwords if they are no longer required.
SQL Server 7.0The sa password or the domain account password is saved in a clear text or a weakly encrypted format in the Setup.iss file in the %Windir% folder.
NoteThe %Windir% folder will also vary if the original installation was completed through a Terminal Server connection. A copy of this file is created in the %SystemDrive%\MSSQL7\Install\or\Tools folder when the Setup program finishes.
The password information may also be included in the Sqlstp.log file and in the Sqlsp*.log file. These files exist in the %Windir% folder and the Temp folder. The %Windir% folder will also vary if the original installation was completed through a Terminal Server connection. On Microsoft Windows 2000-based computers, the Temp folder is set under the Environment Variables on the Advanced tab of the System Control Panel.
SQL Server 2000The sa password or the domain account password is saved in an encrypted, but readable format in the Sqlstp.log, Sqlsp.log and the Setup.iss files in the Drive:\Program Files\Microsoft SQL Server\Mssql\Install folder for a default installation. Note that the Mssql folder may be MSSQL$InstanceName for a named instance installation. The Setup.iss file for SQL Server 2000 uses Access Control List. Therefore, only Windows NT administrators and SQL Server administrators can access the file.
SQL Server 2000 also includes the ability to natively install on a Windows Clustered server. The remote cluster Setup log files are Remsetup.ini and a remote install script file that is similar to the Setup.iss files for each remote node. These remote install script files are named RemoteComputerName_InstanceName.iss. These files are also stored in the %Windir% folder and are ordinarily deleted when the Setup program finishes. However, these files may potentially be left behind if the cluster setup experiences a failure.
To resolve this problem, use one of the following methods:
Killpwd utility instructionsMicrosoft has created a command utility, Killpwd.exe, to search the Microsoft SQL Server Setup files for the sa login password. If the Killpwd.exe utility finds an occurrence of the sa password, the sa password is removed from the log file in basic mode operation. By default, the tool searches the Sqlsp.log, Sqlstp.log, and Setup.iss files in the %Windir%\Temp and %Temp% folders, where %Windir% and %Temp% are environment variables defined by Microsoft Windows.
Microsoft has updated the Killpwd.exe utility to include more locations where the setup files that remote and cluster installations create are located. In some scenarios, these files may have names or paths that vary from the defaults. These variants are the following:
For more information about these log files and unattended installations, see your SQL Server documentation. If you create an *.iss file to perform unattended installations, you must copy the *.iss file to a security-enhanced location that is not in searchable folders.
Note These setup information files are also left behind when you remove SQL Server. This behavior is by design. This behavior lets you troubleshoot why an installation might have failed if you are forced to rollback and lets you use an ISS file to reinstall this instance or other instances. In this case, this instance of SQL Server is clearly no longer available to take advantage of. However, the nature of passwords is so that you might have used the same password for another instance of SQL Server that has not yet been removed.
To run the Killpwd.exe utility use one of the following methods:
You may receive the following messages:
Steps to run the Killpwd.exe utilityTo run the Killpwd.exe utility, follow these steps:
Command-line parametersThe following command-line parameters are available in the new version of Killpwd.exe:
Note You must have Windows Administrator rights to run the utility.
Collapse this tableExpand this table
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about how to download and to install the latest SQL Server service pack, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/301511/ )How to obtain the latest SQL Server 7.0 service pack
290211For more information, contact your primary support provider.
(http://support.microsoft.com/kb/290211/ )How to obtain the latest SQL Server 2000 service pack
The Sqlsp.log file is used to track the installation progress and to troubleshoot service pack installation failures.
For more information about how to determine which folder Windows is installed in, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/305792/ )How to determine which folder Windows is installed in
For more information, see the following Microsoft Security Bulletins:
Article ID: 263968 - Last Review: October 23, 2012 - Revision: 10.0
Contact us for more help
Connect with Answer Desk for expert help.