Enforce password policy without 'Enforce password expiration' checked

Question

Enforce password policy without 'Enforce password expiration' checked

Cali_SQLDBA

Mr or Mrs. 500

Points: 530
More actions
September 13, 2011 at 10:30 am

#247790

What would happened to SQL login account if I checked on 'Enforce password policy' only but not on 'Enforce password expiration' option?
Previously all SQL login accounts were created without these options checked.
Will SQL login will be prompt, immediately, for to change new password to comply with 'Enforce password policy' setting?
Or nothing will happen because 'Enforce password expiration' option is not checked? This is production environment, so I want to check before I take any action. I don't want applications using sql account start failing.
Thank you in advance for your time and help.

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply

NJ-DBA SSChampion Points: 13834 More actions · Answer 1

Enforce password expiration sets whether or not passwords expire after a given time period. enforce password policy sets whether or not sql passwords need to meet the complexity requirements of the server. If enfore pthe policy, not the expiration, the newly set passwords will need to meet the password complexity requirements of the server.

Edit: I'm 95% sure of this, I would test this and not make a change like this in production without being 100% sure.

NJ-DBA SSChampion Points: 13834 More actions · Answer 2

NJ-DBA (9/13/2011)
Enforce password expiration sets whether or not passwords expire after a given time period. enforce password policy sets whether or not sql passwords need to meet the complexity requirements of the server. If enfore pthe policy, not the expiration, the newly set passwords will need to meet the password complexity requirements of the server.
Edit: I'm 95% sure of this, I would test this and not make a change like this in production without being 100% sure.

just tested... behavior is as described above on my server. that would make me about 99.5% sure you would get the same behavior.

Cali_SQLDBA Mr or Mrs. 500 Points: 530 More actions · Answer 3

In this case, all the SQL login accounts are already created in the past.

I just need to checked only 'Enforce passowrd policy' option.

Applications using these SQL account should keep running, right? Meaning, it should not prompt for to change password or break?

NJ-DBA SSChampion Points: 13834 More actions · Answer 4

Yes. that's correct.

You could test this by creating a new login which has a simple password, initally with no enforcement. Then changing it.

Cali_SQLDBA Mr or Mrs. 500 Points: 530 More actions · Answer 5

Old Hand, thank you for your time and support.

How do you test using application? any simple application I can test on site also? thank you.

NJ-DBA SSChampion Points: 13834 More actions · Answer 6

Just use managment studio to create a second connection using the login you create...

Cali_SQLDBA Mr or Mrs. 500 Points: 530 More actions · Answer 7

Cali_SQLDBA

Mr or Mrs. 500

Points: 530

September 13, 2011 at 12:11 pm

#1380870

Thank you, Old Hand.

NJ-DBA SSChampion Points: 13834 More actions · Answer 8

LOL, just FYI, it's NJ-DBA, or Warren is my name.... it's says "old hand" as my "level", like yours says "forum newbie"...

Cali_SQLDBA Mr or Mrs. 500 Points: 530 More actions · Answer 9

Cali_SQLDBA

Mr or Mrs. 500

Points: 530

September 13, 2011 at 12:35 pm

#1380878

LOL