Re: securityadmin server role - change password

---

• From: nate.vu@xxxxxxxxx
• Date: 28 Apr 2006 18:14:30 -0700

---

Hi Bill,

My reply's a little late, but I had a play with things and this is what
I found....

In Enterprise Manager (I assume that passwords are changed via
Enterprise Manager), whenever anybody who has the ability to change a
password (e.g. member of SysAdmin or SecurityAdmin fixed server role)
tries to do so they are presented with a dialog box that had fields for
the Old Password and the New Password. A difference is that members of
SysAdmin never have to enter the old password (i.e. the field in the
dialog is not editable) while the field for the old password is
editable for members of the SecurityAdmin role. So far, I see what
you're describing in your post.

However, an interesting thing to note is that even though the field for
old password is editable it does not have to be filled and in fact
passwords can be changed without entering a value in the "Old Password"
field on the dialog. The only exception to this rule is when a member
of the SecurityAdmin role attempts to change the password of someone
belonging to the SysAdmin role. This can be confirmed by manually
running tests through Enterprise Manager and also by viewing the code
for the appropriate stored procedure, which in this case is sp_password
in the master DB.

Is the staff member trying to change the passwords for people who have
the SysAdmin fixed server role? If they are not, then they can ignore
the "Old Password" field in the dialog and just type in the new
password.

As far as I am aware, there is no way around the requirements I have
stated previously (i.e. SecurityAdmin does not have to enter an old
password unless changing the password for someone who is SysAdmin) as
that's the way the stored proc that is designed (sp_password as I
mentioned previously). I think the only workaround is for you to give
the staff member SysAdmin privileges.

Hope that helps a little or sheds some more light on the issue.

.

---

• Follow-Ups:
  • Re: securityadmin server role - change password
    • From: bill

• References:
  • securityadmin server role - change password
    • From: bill

• Prev by Date: Re: Can I install Standard or Enterprise Versions?
• Next by Date: Re: securityadmin server role - change password
• Previous by thread: securityadmin server role - change password
• Next by thread: Re: securityadmin server role - change password
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: securityadmin server role - change password ... password (e.g. member of SysAdmin or SecurityAdmin fixed server role) ... SysAdmin never have to enter the old password (i.e. the field in the ... editable for members of the SecurityAdmin role. ... The only exception to this rule is when a member ... (microsoft.public.sqlserver.setup) Re: Set restriction on Local Admin Account ... > fixed server role 'sysadmin'. ... Allow local admins of the box to ... > Note that being a member of the db_backupoperator role will not allow you to ... (microsoft.public.sqlserver.server) Re: When creating a new table, owner is DBO I need another user ... database is mapped to the special user inside each database called dbo. ... any object created by any member of the sysadmin fixed server role ... (microsoft.public.sqlserver.security) Re: Default User ... database is mapped to the special user inside each database called dbo. ... any object created by any member of the sysadmin fixed server role ... (microsoft.public.sqlserver.security) Re: SQL Login ... The sa login account is a member of that role as well. ... Dejan Sarka, SQL Server MVP ... > But how do we add the User X to the sysadmin / ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)