< Back
Test-DbaLoginPassword
Post
NAME Test-DbaLoginPassword
SYNOPSIS
Test-DbaLoginPassword finds any logins on SQL instance that are SQL Logins and have a password that is either null
or same as the login
SYNTAX
Test-DbaLoginPassword [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Login] <System.String[]>] [[-Dictionary] <System.String[]>] [[-InputObject]
<Microsoft.SqlServer.Management.Smo.Login[]>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
The purpose of this function is to find SQL Server logins that have no password or the same password as login. You
can add your own password to check for or add them to a csv file.
By default it will test for empty password and the same password as username.
PARAMETERS
-Dictionary [<System.String[]>]
Specifies a list of passwords to include in the test for weak passwords.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Login[]>]
Allows piping from Get-DbaLogin.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Login [<System.String[]>]
The login(s) to process.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted).
To use:
$scred = Get-Credential, then pass $scred object to the -SqlCredential parameter.
Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows
credentials being passed as credentials.
To connect as a different Windows user, run PowerShell as that user.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The SQL Server instance you're checking logins on. You must have sysadmin access and server version must be
SQL Server version 2008 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Login, Security
Author: Peter Samuelsson
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01
Test all SQL logins that the password is null or same as username on SQL server instance Dev01
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01 -Login sqladmin
Test the 'sqladmin' SQL login that the password is null or same as username on SQL server instance Dev01
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01 -Dictionary Test1,test2
Test all SQL logins that the password is null, same as username or Test1,Test2 on SQL server instance Dev0
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-DbaLogin -SqlInstance "sql2017","sql2016" | Test-DbaLoginPassword
Test all logins on sql2017 and sql2016
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>$servers | Get-DbaLogin | Out-GridView -PassThru | Test-DbaLoginPassword
Test selected logins on all servers in the $servers variable
RELATED LINKS
https://dbatools.io/Test-DbaLoginPassword
SYNOPSIS
Test-DbaLoginPassword finds any logins on SQL instance that are SQL Logins and have a password that is either null
or same as the login
SYNTAX
Test-DbaLoginPassword [[-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
[[-SqlCredential] <Pscredential>] [[-Login] <System.String[]>] [[-Dictionary] <System.String[]>] [[-InputObject]
<Microsoft.SqlServer.Management.Smo.Login[]>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
The purpose of this function is to find SQL Server logins that have no password or the same password as login. You
can add your own password to check for or add them to a csv file.
By default it will test for empty password and the same password as username.
PARAMETERS
-Dictionary [<System.String[]>]
Specifies a list of passwords to include in the test for weak passwords.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-InputObject [<Microsoft.SqlServer.Management.Smo.Login[]>]
Allows piping from Get-DbaLogin.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Login [<System.String[]>]
The login(s) to process.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted).
To use:
$scred = Get-Credential, then pass $scred object to the -SqlCredential parameter.
Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows
credentials being passed as credentials.
To connect as a different Windows user, run PowerShell as that user.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The SQL Server instance you're checking logins on. You must have sysadmin access and server version must be
SQL Server version 2008 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Login, Security
Author: Peter Samuelsson
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01
Test all SQL logins that the password is null or same as username on SQL server instance Dev01
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01 -Login sqladmin
Test the 'sqladmin' SQL login that the password is null or same as username on SQL server instance Dev01
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Test-DbaLoginPassword -SqlInstance Dev01 -Dictionary Test1,test2
Test all SQL logins that the password is null, same as username or Test1,Test2 on SQL server instance Dev0
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Get-DbaLogin -SqlInstance "sql2017","sql2016" | Test-DbaLoginPassword
Test all logins on sql2017 and sql2016
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>$servers | Get-DbaLogin | Out-GridView -PassThru | Test-DbaLoginPassword
Test selected logins on all servers in the $servers variable
RELATED LINKS
https://dbatools.io/Test-DbaLoginPassword