If you use SQL Server Authentication, also known as Standard Security, to install SQL Server 7.0 or SQL Server 2000, the system administrator ( sa ) password may be stored in clear text, or in an encrypted readable format in the SQL Server 7.0 and SQL Server 2000 setup files.
Also, if you configure SQL Server Services by using a domain account, the domain account password may be written to the Setup.iss file in an weakly encrypted format.
The Killpwd utility automates scanning for these setup files and removing the passwords from them.
|