Jump to content

Account Discovery of MS SQL accounts not working


Guest SadSaddo

Recommended Posts

Guest SadSaddo

Hi,

 

I have tried setting up an account discovery job to index the MS SQL accounts but the list turns out empty. (And there should be dozens, if not hundreds, of accounts).

 

Account Discovery works great with Windows and Linux accounts, not sure why it wouldn't work with the MS SQL accounts.
One of the odd things is that the last runtime of the discovery jobs returns 0 seconds. But I selected all the hosts.

 

Here are some screens of the settings of the password list I want to add it to, the job, the overview page and the hosts page.

 

Have I missed anything?

 

The Privileged account used for the job is a domain account with domain admin rights.

passwordlist.png

discovery.png

job.png

hosts.png

Link to comment
Share on other sites

Well, for starters it looks like you've left all filters blank, so there won't be any matches :)

 

EDIT:

Disregard this. I'm wrong :)

 

One thing you can do though, is take a gander at the contents of the actual discovery script and then run the important parts of the script manually on one of the target hosts. That way you can troubleshoot the issue step-by-step.

Link to comment
Share on other sites

Hello,

 

Can you tell us if the Host records in Passwordstate have been configured as a SQL Server - below is a screenshot of this? And, we only support querying SQL Servers where Mixed Mode authentication is enabled, and querying of SQL Accounts - not Active Directory ones.

 

sqlhost.png

 

Regards

Click Studios

Link to comment
Share on other sites

Hi,

 

Thank you for the information, setting a Database Server Type does help. (It's showing a few seconds of processing time now)

 

However I am still struggling finding out what the minimal required priliveges should be for the sql server account for the passwordstate application.

 

At the moment I manage to index the account (and I plan to also perform password resets) by granting the following securables:

- Alter any credential

- Alter any login

- Authenticate server

- Connect SQL

Link to comment
Share on other sites

Hi,

 

Sorry this information is missing in our manual, and we will update that.

 

As per the following Microsoft document, 'Alter Any Login' permissions is required as the minimum - https://technet.microsoft.com/en-us/library/ms189828(v=sql.105).aspx. This will work for Account Discoveries and Account Resets.

 

We hope this helps.

 

Regards

Click Studios

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...