January 7, 2016 at 11:37 am
Hi,
I have a simple question.
If I create a SQL Login and uncheck "Enforce Password Policy", does it have any other default parameters against which it would check? Basically, what is the default behavior if the SQL password policy setting "Enforce Password Policy" is off?
Thanks,
January 7, 2016 at 3:23 pm
If you choose not to "Enforce Password Policy", then the password can be anything including blank. I would strongly advise against this.
You can read more here: https://msdn.microsoft.com/en-us/library/aa337562.aspx#SSMSProcedure
January 7, 2016 at 8:16 pm
Thank you for the answer.
Is there a way through which I can force some restrictions on the password being created without having to select "Enforce Password Policy"? For example, I want to be specific only about password length or only complexity. Can I set this centrally somewhere at the SQL instance level?
January 8, 2016 at 4:18 am
No. This is set in AD. If you're not using Windows Authentication for some reason - and you always should, unless you actually can't (validating logins from users not in your AD domain for example) - why would you want to pick and choose what part of your mandated password standards you're choosing to implement? If you choose to ignore security policy, and your app is compromised as a result, that's your fault.
I'm a DBA.
I'm not paid to solve problems. I'm paid to prevent them.
January 8, 2016 at 10:25 pm
Check out the following link; I hope it will help you: https://msdn.microsoft.com/en-us/library/ms161959.aspx
January 9, 2016 at 1:17 am
Thanks for your answers.
We have decided to have "Enforce password Policy" on for all non-domain accounts.
January 9, 2016 at 9:59 am
harikumar.mindi (1/9/2016)
Thanks for your answers. We have decided to have "Enforce password Policy" on for all non-domain accounts.
I think you made the right decision. Having simple (or empty :w00t:) passwords is an invitation for trouble.
January 9, 2016 at 10:34 am
Actually, applications have been migrated from the old datacenter to a new one. We were not managing the old one and observed this only after we migrated to the new DC and started auditing the logins. Though it would take some effort coordinating with our application teams because most of the logins will need to have passwords changed now!
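The login audit mentioned in the last post, as an added example that is not part of the original thread: a T-SQL query that lists SQL-authenticated logins with policy enforcement off, or with a blank or name-matching password, followed by the fix for one login. The login name `app_login` and the password placeholder are assumptions.

```sql
-- Added example (not from the thread). Run as a sysadmin so that
-- password_hash is visible in sys.sql_logins.

-- 1. Find SQL logins that are outside the password policy or that
--    have a trivially weak password.
SELECT
    sl.name,
    sl.is_disabled,
    sl.is_policy_checked,        -- 0 = "Enforce password policy" is off
    sl.is_expiration_checked,    -- 0 = "Enforce password expiration" is off
    CASE WHEN PWDCOMPARE(N'', sl.password_hash) = 1
         THEN 1 ELSE 0 END AS has_blank_password,
    CASE WHEN PWDCOMPARE(sl.name, sl.password_hash) = 1
         THEN 1 ELSE 0 END AS password_equals_name,
    LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins AS sl
WHERE sl.name NOT LIKE N'##%##'  -- skip internal system logins
  AND (   sl.is_policy_checked = 0
       OR PWDCOMPARE(N'', sl.password_hash) = 1
       OR PWDCOMPARE(sl.name, sl.password_hash) = 1)
ORDER BY sl.name;

-- 2. Remediate one login (app_login is a hypothetical name).
--    Turning CHECK_POLICY on does not re-validate the password that is
--    already stored; the policy is evaluated when a password is set.
--    That is why the password has to be changed afterwards.
ALTER LOGIN [app_login] WITH CHECK_POLICY = ON;

-- Placeholder value: replace it with a password that meets the Windows
-- policy, coordinated with the team that owns the application.
ALTER LOGIN [app_login] WITH PASSWORD = N'<new-strong-password>';

-- 3. Confirm that the flag is now set.
SELECT name, is_policy_checked
FROM sys.sql_logins
WHERE name = N'app_login';
```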