> For the complete documentation index, see [llms.txt](https://docs.ovaledge.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ovaledge.com/connectors/additional-requirements/windows-authentication-for-ssis-powershell-automation.md). # Windows Authentication for SSIS PowerShell Automation Windows Authentication provides the most secure method for connecting to SQL Server without storing passwords inside scripts or configuration files. It uses the identity of the logged-in Windows account (or scheduled task service account) to authenticate against SQL Server. ## Key Benefits * No password is stored in the PowerShell script. * No credential files stored on disk. * Authentication is handled by the Windows Security subsystem. * Prevents exposure of SQL login credentials. * Ideal for on-premise Active Directory (AD) environments. * Compatible with automated jobs such as Windows Scheduled Tasks. ## How It Works When connecting to SQL Server using Integrated Security, PowerShell (and .NET SqlClient) automatically uses the current user's Kerberos/NTLM token to authenticate. SQL Server validates the Windows account based on permissions assigned in the database. ## Sample PowerShell Connection String ``` $server = "MySQLServer" $database = "SSISDB" $connectionString = "Server=$server;Database=$database;Integrated Security=True;" ``` ## Requirements * The machine running the script must be domain-joined. * SQL Server must allow Windows Authentication (Mixed Mode or Windows-only). * The Windows account executing the script must have the required database permissions. * If using a Scheduled Task, the task must run under the same privileged Windows account. ## Best Practice Deployment Model * Create or use an existing Windows domain service account. * Grant that AD account db\_datareader or necessary permissions on SSISDB. * Configure the PowerShell script to use Integrated Security=True. * Schedule the script via Windows Task Scheduler using the service account. * No passwords are stored anywhere in the script or on disk. ## Why Enterprise Customers Prefer This Windows Authentication aligns with enterprise security policies, avoids password rotation issues, supports auditing, prevents credential exposure, and complies with security standards like CIS and NIST. *** Copyright © 2026, OvalEdge LLC, Peachtree Corners, GA, USA. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ovaledge.com/connectors/additional-requirements/windows-authentication-for-ssis-powershell-automation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.