If you use SQL Server Authentication, also known as Standard Security, to install the products listed in the "Applies to" section, the system administrator (sa) password may be stored in clear text, or in an encrypted readable format in the SQL Server Setup files.
Also, if you configure SQL Server Services by using a domain account, the domain account password may be written to the Setup.iss file in a weakly encrypted format.
Note Microsoft SQL Server 2000 Service Pack 3 (SP3) or later versions use encryption on the included passwords in these files. This encryption helps improve security. However, we still recommend that you remove the encrypted passwords or the installation files that contain the passwords if they are no longer required.
SQL Server 7.0 The sa password or the domain account password is saved in a clear text or a weakly encrypted format in the Setup.iss file in the %Windir% folder.
NoteThe %Windir% folder will also vary if the original installation was completed through a Terminal Server connection. A copy of this file is created in the %SystemDrive%\MSSQL7\Install\or\Tools folder when the Setup program finishes.
The password information may also be included in the Sqlstp.log file and in the Sqlsp*.log file. These files exist in the %Windir% folder and the Temp folder. The %Windir% folder will also vary if the original installation was completed through a Terminal Server connection. On Microsoft Windows 2000-based computers, the Temp folder is set under the Environment Variables on the Advanced tab of the System Control Panel.
SQL Server 2000 The sa password or the domain account password is saved in an encrypted, but readable format in the Sqlstp.log, Sqlsp.log and the Setup.iss files in the Drive:\Program Files\Microsoft SQL Server\Mssql\Install folder for a default installation. Note that the Mssql folder may be MSSQL$InstanceName for a named instance installation. The Setup.iss file for SQL Server 2000 uses Access Control List. Therefore, only Windows NT administrators and SQL Server administrators can access the file.
SQL Server 2000 also includes the ability to natively install on a Windows Clustered server. The remote cluster Setup log files are Remsetup.ini and a remote install script file that is similar to the Setup.iss files for each remote node. These remote install script files are named RemoteComputerName_InstanceName.iss. These files are also stored in the %Windir% folder and are ordinarily deleted when the Setup program finishes. However, these files may potentially be left behind if the cluster setup experiences a failure.
To resolve this problem, use one of the following methods:
- Use Microsoft Windows NT Security Authentication to install the original release version of SQL Server or a service pack. Then, use the LocalSystem account when you configure the SQL Services. This method avoids this problem.
- Change the SQL Server sysadmin (sa) password and the SQL Service domain account password after you install the service pack.
- After you install the products that are listed in the "Applies to" section, you must run the Killpwd.exe utility to clean the setup files. The Killpwd.exe utility works for SQL Server 7.0 and for SQL Server 2000.
Note Previously, Microsoft released an update for SQL Server 7.0 (MSDE 1.0) Service Pack 2 and for SQL Server 7.0 Service Pack 3. However, you do not have to use the updates because the updated Killpwd.exe utility supersedes the previous updates.
Killpwd utility instructions
Microsoft has created a command utility, Killpwd.exe, to search the Microsoft SQL Server Setup files for the sa
login password. If the Killpwd.exe utility finds an occurrence of the sa
password, the sa
password is removed from the log file in basic mode operation. By default, the tool searches the Sqlsp.log, Sqlstp.log, and Setup.iss files in the %Windir
%\Temp and %Temp
% folders, where %Windir
% and %Temp
% are environment variables defined by Microsoft Windows.
Microsoft has updated the Killpwd.exe utility to include more locations where the setup files that remote and cluster installations create are located. In some scenarios, these files may have names or paths that vary from the defaults. These variants are the following:
- Clustered installations will create setup files on all nodes. If you want to run the utility from a single node, you must also specify the UNC paths to the drives on remote nodes if you want to remove those files. Alternatively, you can run the utility from each node to clean up the setup files that exist locally.
- Remote files that are created for cluster setup follow the following format:
RemoteComputerName_InstanceName.issIf the computer name has been modified or if an instance has been removed, the utility will not know to search for files under these file names by default.
- If the name of the Windows cluster has been changed, the log files have the old file names. In this scenario, the utility would not know to search for files under these file names by default.
- Terminal Server connections use different %Temp% and %WinDir% folders. These folders may vary with user id and environment variables.
- Remote setup may use the local %Temp% location instead of storing files on the computer on which the installation of SQL Server is occurring. The Killpwd utility cannot determine whether this is the case and cannot know which remote path to search for the log files.
Download and then run the latest Killpwd.exe utility from the link in this article. The new version includes the ability to specify locations other than the default location to find all possible versions of these files. You can also specify remote locations.
For more information about these log files and unattended installations, see your SQL Server documentation. If you create an *.iss file to perform unattended installations, you must copy the *.iss file to a security-enhanced location that is not in searchable folders.Note
These setup information files are also left behind when you remove SQL Server. This behavior is by design. This behavior lets you troubleshoot why an installation might have failed if you are forced to rollback and lets you use an ISS file to reinstall this instance or other instances. In this case, this instance of SQL Server is clearly no longer available to take advantage of. However, the nature of passwords is so that you might have used the same password for another instance of SQL Server that has not yet been removed.
To run the Killpwd.exe utility use one of the following methods:
- Double-click Killpwd.exe.
- Run Killpwd.exe at a command prompt.
When you run Killpwd.exe at a command prompt, you receive more information.
Note At a command prompt, you can use the following parameters:
Killpwd.exe /?To specify a non-default search path and file
For SQL Server 2000, you must specify the location of the Setup.iss file if you want to remove occurrences of the sa
password. The Setup.iss file for SQL Server 2000 is located in the Drive
:\Program Files\Microsoft SQL Server\Mssql\Install folder for a default installation. Note that the Mssql folder may be MSSQL$InstanceName
. If you will use the Setup.iss file later to perform an unattended installation of SQL Server, do not run Killpwd.exe on the Setup.iss file.
You may receive the following messages:
There was an error initializing the administrator SID.
There was an error getting token information.
There was an error opening the process token.
There was an error retrieving the current process module information.
There was an error retrieving the program file information.
Invalid Argument : %s
Invalid path : %s
To perform a custom scan both the path (/p) and file (/f) must be specified.
You must be an administrator to run this tool to ensure that all generated files are accessible.
There was an error retrieving the registry key Software\\Microsoft\\MSSQLServer\\ClientSetup\\SqlPath.
When scanning using the /N option the search match number can be larger than a normal scan because some search strings are substrings of others. In a normal scan the passwords are removed as the search progresses so similar search strings won't match the same string multiple times.
Memory allocation failure. Exiting.
Error getting the next file from the file search.
There was an error enumerating the nodes of the cluster.
Cluster name is longer than the internal buffer supplied.
There was an error opening file %s
There was an error getting the position within file %s
There was an error setting the position within file %s
There was an error retrieving the computer name.
There was an error retrieving the system directory.
There was an error retrieving the windows directory.
There was an error processing the Windows system directory %s.
There was an error retreiving the TEMP environment variable.
There was an error retrieving the registry key Software\\Microsoft\\MSSQLServer\\Setup\\SqlPath.v
Steps to run the Killpwd.exe utility
To run the Killpwd.exe utility, follow these steps:
- Download and extract Killpwd.exe.
The following file is available for download from the Microsoft Download Center:
Download the Killpwd.exe package now.Release Date: June 14, 2005
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
How to obtain Microsoft support files from online services
- Run the self-extracting executable file to extract the package. During the extraction process, you are prompted to specify a destination folder for Killpwd.exe.
- In Windows Explorer, move to the folder you specify in step 2. Double-click Killpwd.exe to run the program. Or open a command prompt, and then enter the path of Killpwd.exe to run the executable.
The following command-line parameters are available in the new version of Killpwd.exe:
|/? /H /Help ||Display Killpwd tool help text.|
|/F /File||Scan a specified file for passwords and then remove the passwords.|
| /P /Path||Scan the files in a specified folder for passwords and then remove the passwords.|
|/Nologo||Suppress the logo information output.|
| /R||Enable recursive mode. All files and subfolders of the specified folder will be scanned and cleaned.|
|/N||Enable scan-only mode. Files will be scanned but passwords will not be removed. This parameter is used to create a list of changes that the utility would make. You can use this list to review the changes for correctness before you actually make the changes.|
|/V /Verbose||Enable verbose mode logging.|
You must have Windows Administrator rights to run the utility.