March 12, 2019 at 9:40 pm
I am going to apply password policy to a login.
ALTER LOGIN [XXXX] WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_POLICY=ON
GO
Will the login get locked as his current password does not fulfill the password policy?
Thank you!
March 14, 2019 at 7:18 pm
lohoiyi - Tuesday, March 12, 2019 9:40 PMI am going to apply password policy to a login.ALTER LOGIN [XXXX] WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_POLICY=ON
GOWill the login get locked as his current password does not fulfill the password policy?
Thank you!
It will not force the user to logoff. See the below snippet from the docs:
When a login (or a contained database user) connects and is authenticated, the connection caches identity information about the login. For a Windows Authentication login, this includes information about membership in Windows groups. The identity of the login remains authenticated as long as the connection is maintained. To force changes in the identity, such as a password reset or change in Windows group membership, the login must logoff from the authentication authority (Windows or SQL Server), and log in again. A member of the
sysadmin fixed server role or any login with the ALTER ANY CONNECTION permission can use the KILL command to end a connection and force a login to reconnect. SQL Server Management Studio can reuse connection information when opening multiple connections to Object Explorer and Query Editor windows. Close all connections to force reconnection.
What you should do, when enabling the policy check, is include the MUST_CHANGE option to force them to change the password on the next login. You can then wait for them to disconect all sessions, or kill their sessions to force logoff.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply