João Neto
João Neto's Blog

João Neto's Blog

Yet another post about resetting the Admin password

Yet another post about resetting the Admin password

João Neto's photo
João Neto

Published on Mar 8, 2021

2 min read

Subscribe to my newsletter and never miss my upcoming articles

In the WDP packages you download from, you can find sample scripts for creating users for each database. You also find, a sample script for configuring the admin password. image.png The script is named SetSitecoreAdminPassword.sql and it is located in the file Sitecore 10.1.0 rev. 005207 (OnPrem)_single.scwdp (Sitecore 10.1). It is optimized to support different encryption methods.

declare @ApplicationName nvarchar(256) = 'sitecore'
declare @UserName nvarchar(256) = 'sitecore\admin'
declare @Password nvarchar(128) = 'PlaceHolderForPassword'
declare @HashAlgorithm nvarchar(10) = 'SHA1'
declare @PasswordFormat int = 1 -- Hashed
declare @CurrentTimeUtc datetime = SYSUTCDATETIME()
declare @Salt varbinary(16) = 0x
declare @HashedPassword varbinary(20)
declare @EncodedHash nvarchar(128)
declare @EncodedSalt nvarchar(128)

-- Generate random salt
while len(@Salt) < 16
    set @Salt = (@Salt + cast(cast(floor(rand() * 256) as tinyint) as binary(1)))

-- Hash password
set @HashedPassword = HASHBYTES(@HashAlgorithm, @Salt + cast(@Password as varbinary(128)));

-- Convert hash and salt to BASE64
select @EncodedHash = cast(N'' as xml).value(
                , 'varchar(max)'
            ) from (select @HashedPassword as [bin] ) T

select @EncodedSalt = cast(N'' as xml).value(
                , 'VARCHAR(MAX)'
            ) from (select @Salt as [bin] ) T 

execute [dbo].[aspnet_Membership_SetPassword] 

Some applications might need to change the hash algorithm type in the web.config file due to compliance reasons and it requires you to generate a different hashed password when resetting the admin account. This is why the script above is optimized for all scenarios.



Photo by Pixabay from Pexels.

Share this