log file data

I was wrestling through some issues I was having with the install of the f5 mp on the ms of our Operations Manager deployment when I noticed that the installer is throwing the password of the run as account into the setup.log file. Perhaps it is just me, but that seems like a bad idea. Obviously, the process of keeping your environment secure would have started with a myriad of other measures. However, it just seems we benefit little by placing it in the log compared to the potential issues it could cause. After all, this account is in the SCOM Administrators group.

 

 

 

 

<03-30-2011 04:30:44> Info: Installer Stage[Sql.Database]: action=Process Custom Argument=Password Value=xxxxxxx, duration=00:00:00, state=Starting

 

<03-30-2011 04:30:44> Info: Installer Stage[Sql.Database]: action=Process Custom Argument=Password Value=xxxxxxxx, duration=00:00:00, state=Success

 

 

 

- John