So I have written an .INI file to customize the SQL Server Express 2005 install which works great, but the .INI file currently has the password hardcoded into it....which I obviously don't want, is there a way to change the password to command line user input at that part of the install?


0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



I have not done that package but I have an idea how to do it.

1. Since there is a chance that it is an MSI, try to get a verbose log out of your installation using your current setup. i.e. password hardcoded into .INI.

2. Once you have installed it, find the password inside that verbose log and take note of the property that it was assigned.

3. On another machine where you have not installed it yet, install it (remove the hardcode password now in your .INI) and add the property and its value in command.

4. Ideally, it is now successfully installed without using your .INI file to provide the pass.

Answered 08/27/2013 by: dj_xest
Fifth Degree Black Belt

  • I can't run the install like that because it is a portoin of a much larger .bat file I have running for unattended installs. Also the file I have to wrok with is the setup.exe for SQL 2005 so it is not a MSI file.
  • All flavours of SQL Server to date have spat out MSIs. The exciting part is installing the various ones into the correct order. Do a dummy install using the set-up stub and take a look at the log it writes (somewhere beneath the installtion root). That will show you the MSIs used and the order they get installed in.
  • I have just run a little review of this app and is indeed a nasty one which I don't recommend messing around with their recommend setup.

    The only way I can think now to avoid hard-coding the password is to wrap that password in an executable and write it down to the INI during the installs and remove it afterwards. Or wrap that INI file in your executable and copy it only during installs and destroy it afterwards.

    Hope you got the idea..
  • Okay, sorry I took so long to write back I have been traveling... I appreciate all the help on this, I figured it out though. So this is what I did to resolve the issue I was having. Only thing I want to figure out now is how to hide what the user inputs cause it will show the entered characters in the CMD window. I rather it show **** or nothing at all, any thoughts?

    @echo off

    ::User input for variable setup with secure password.
    set PASSWORD=
    set /P PASSWORD=Enter password: %=%

    Start /WAIT "" "C:\Microsoft SQLServer Express 2005\SQL Express\setup.exe" SAPWD="%PASSWORD%" /settings "C:\SQL2005_INI\SQL2005Express.ini" /qb
Please log in to comment

If you want to bury it a tad further, you could apply an MST to MSI once property is found. Then just edit/add the password via the Property Table.

Commandline is relatively easy to read by anybody, MST would require someone with a tad more knowledge to discover.

Answered 08/27/2013 by: ekgcorp
Tenth Degree Black Belt

  • I could probably figure out MST, but the file is an exe for SQL and as I mentioned above to @DJ_Xest, that this is running within a larger BAT file. There is no way to pass a command line variable within an INI file for example the %username% variable for user ID.
  • The logged-in user's username is available to Windows Installer via the standard property or from the environment, i.e. [%USERNAME]
  • Thanks for the help, I don't know if this will ever help you, but see my comment above if you need to do something with user input sometime.
Please log in to comment