August 7, 2009 at 9:15 am
Hi all,
I was wondering how many unsuccessful attempts does it take before a user gets locked out of the database? I'm not able to find any settings in SQL 2000 to let me configure this property. Is there a default ?
Thanks,
Mon
August 7, 2009 at 9:24 am
The default is.... unlimited, because this functionality is not supported in SQL 2000.. As an aside it really isn't supported in SQL 2005 directly either..
CEWII
August 7, 2009 at 9:27 am
Yikes...thanks!
August 7, 2009 at 9:30 am
For SQL logins especially in 2000 there is nothing, in 2005, I'm not sure. For trusted/windows logins if the user does something that gets them locked out at the OS level then that will propogate to SQL when they try to login. I'm not aware of anything you can do in SQL 2005+ that can cause a lockout, access denied does not work that way and since they already authenticated at the OS level...
CEWII
August 8, 2009 at 1:28 pm
Actually accoung lock out setting\option is not available in SQL Server 2000.
but if we talk about SQL Server 2005, there you can set the option by opting ENFORCE PASSWORD POLICY.
by opting this you are actually applying group policy of OS to SQL Server Logins.
For example:
lets assume you have created a group policy on your windows server that the password lenght should be minimum 6 characters and the accout should get locked after 3 unseccessfull attempts.
By doing this a windows login will automatically have this policy applied.
and while creating a SQL Server login if you opt for ENFORCE PASSWORD POLICY it will apply the same policy on sql server login and you have to provide atleast 6 characters of password with same lock out setting.
😎
Regards,
Sarabpreet Singh 😎
Sarabpreet.com
SQLChamp.com
Twitter: @Sarab_SQLGeek
August 11, 2009 at 7:57 am
Keep in mind this is only relevant for SQL logins, domain logins will still follow the domain policy no matter what options you try to set.
CEWII
August 14, 2009 at 4:59 am
oh yes..., i forgot that one. 🙂
thanks.
Regards,
Sarabpreet Singh 😎
Sarabpreet.com
SQLChamp.com
Twitter: @Sarab_SQLGeek
June 17, 2016 at 2:29 pm
Sarab_SQLGeek (8/8/2009)
if we talk about SQL Server 2005, there you can set the option by opting ENFORCE PASSWORD POLICY.by opting this you are actually applying group policy of OS to SQL Server Logins.
For example:
lets assume you have created a group policy on your windows server that the password lenght should be minimum 6 characters and the accout should get locked after 3 unseccessfull attempts.
By doing this a windows login will automatically have this policy applied.
and while creating a SQL Server login if you opt for ENFORCE PASSWORD POLICY it will apply the same policy on sql server login and you have to provide atleast 6 characters of password with same lock out setting.
This doesn't happen on my system (SS 2008 on Windows Server 2008 R2). We have password policies enabled on the domain, including lockouts, but the sa account never gets locked out, no matter how many attempts are made. I checked sa properties in SSMS and Enforce Password Policy is checked.
However I did read somewhere that lockouts were only supported in the Enterprise Edition. We have Standard. But there's no mention of this detail in the docs. So can somebody tell me, is this true or not? (And if not, why else wouldn't it work?)
Thanks.
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply