Scripting Question

SQL Server Express 2005, password variable with .ini file?

08/27/2013 2736 views

So I have written an .INI file to customize the SQL Server Express 2005 install which works great, but the .INI file currently has the password hardcoded into it....which I obviously don't want, is there a way to change the password to command line user input at that part of the install?


0 Comments   [ + ] Show comments


All Answers


I have not done that package but I have an idea how to do it.

1. Since there is a chance that it is an MSI, try to get a verbose log out of your installation using your current setup. i.e. password hardcoded into .INI.

2. Once you have installed it, find the password inside that verbose log and take note of the property that it was assigned.

3. On another machine where you have not installed it yet, install it (remove the hardcode password now in your .INI) and add the property and its value in command.

4. Ideally, it is now successfully installed without using your .INI file to provide the pass.

Answered 08/27/2013 by: dj_xest
5th Degree Black Belt

  • I can't run the install like that because it is a portoin of a much larger .bat file I have running for unattended installs. Also the file I have to wrok with is the setup.exe for SQL 2005 so it is not a MSI file.
  • All flavours of SQL Server to date have spat out MSIs. The exciting part is installing the various ones into the correct order. Do a dummy install using the set-up stub and take a look at the log it writes (somewhere beneath the installtion root). That will show you the MSIs used and the order they get installed in.
  • I have just run a little review of this app and is indeed a nasty one which I don't recommend messing around with their recommend setup.

    The only way I can think now to avoid hard-coding the password is to wrap that password in an executable and write it down to the INI during the installs and remove it afterwards. Or wrap that INI file in your executable and copy it only during installs and destroy it afterwards.

    Hope you got the idea..
  • Okay, sorry I took so long to write back I have been traveling... I appreciate all the help on this, I figured it out though. So this is what I did to resolve the issue I was having. Only thing I want to figure out now is how to hide what the user inputs cause it will show the entered characters in the CMD window. I rather it show **** or nothing at all, any thoughts?

    @echo off

    ::User input for variable setup with secure password.
    set PASSWORD=
    set /P PASSWORD=Enter password: %=%

    Start /WAIT "" "C:\Microsoft SQLServer Express 2005\SQL Express\setup.exe" SAPWD="%PASSWORD%" /settings "C:\SQL2005_INI\SQL2005Express.ini" /qb

If you want to bury it a tad further, you could apply an MST to MSI once property is found. Then just edit/add the password via the Property Table.

Commandline is relatively easy to read by anybody, MST would require someone with a tad more knowledge to discover.

Answered 08/27/2013 by: ekgcorp
10th Degree Black Belt

  • I could probably figure out MST, but the file is an exe for SQL and as I mentioned above to @DJ_Xest, that this is running within a larger BAT file. There is no way to pass a command line variable within an INI file for example the %username% variable for user ID.
  • The logged-in user's username is available to Windows Installer via the standard property or from the environment, i.e. [%USERNAME]
  • Thanks for the help, I don't know if this will ever help you, but see my comment above if you need to do something with user input sometime.
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ