"Enforce Password Policy" with application SQL logins

  • Our PCI auditor ran a Baseline Security Analysis, and it flagged our SQL logins not being set to enforce password policy. If we change the setting, including the password expiration setting, then I assume we'll need to remember to change the password used by the application before it expires every 3 months?

  • It will follow what is set on the server. The server should be getting it from the default domain policy. If that is 3 months and you enforce both policy and password expiration, then yes, every 3 months. You can enforce policy without enforcing expiration, however. This is the AD equivalent of setting "Password Never Expires", which isn't an unusual thing with service accounts.

    K. Brian Kelley
    @kbriankelley
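
The two settings discussed above, as an added T-SQL example that is not part of the original posts: it audits which SQL logins have policy and expiration checking enabled, then turns on policy enforcement without expiration for one login. `app_login` is a hypothetical login name used for illustration.

```sql
-- Added example; app_login is a hypothetical application login name.

-- 1. Audit: list SQL-authenticated logins with their policy flags,
--    when the password was last set, and days left before expiry
--    (DaysUntilExpiration is only meaningful when expiration is checked).
SELECT  name,
        is_disabled,
        is_policy_checked,
        is_expiration_checked,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration
FROM    sys.sql_logins
WHERE   name NOT LIKE '##%'      -- skip the internal ##...## logins
ORDER BY is_policy_checked, name;

-- 2. Enforce the Windows password policy (complexity, lockout) on the
--    application login, but do not expire its password.
--    CHECK_EXPIRATION = ON is only allowed when CHECK_POLICY = ON.
ALTER LOGIN [app_login]
    WITH CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;

-- 3. Verify the result for that login.
SELECT  name, is_policy_checked, is_expiration_checked
FROM    sys.sql_logins
WHERE   name = N'app_login';
```

With `CHECK_POLICY = ON`, the complexity rules are evaluated the next time the password is changed, so an existing weak password stays in place until it is reset.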
