Enforcing customized password policy

  • Our biggest servers run SQL Server 2008 or 2005. A lot of users connect to these servers with MS Access. How can we make sure that the following happens.

    1. No one is allowed to use password that matches our company's name.

    2. Everyone is somehow forced to reset their default password, even if they connect through MS Access.

    I know that there is a checkbox to prompt user to change password at first logon. The problem is that this message is not visible to MS Access users.

    Any thoughts?

  • Can you set up the Access app to handle that for you? I used to manage an Access-on-SQL (sounds like that should be an English town name) application. I know I had options for having startup code check a variety of things with the database, hardware environment, etc.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • Are you talking SQL authentication or Windows authentication here?

    The Redneck DBA

  • Our department does not create or support those Access databases. Users can use Access to do whatever that they want to do with the data once they link to the SQL Server database. The company has hundreds and possibly more than a thousand different databases that the users have created on their own. So, putting any kind of code on the end user's side is not an option unfortunately.

  • SQL Server authentication

  • phiren (4/6/2010)


    Our department does not create or support those Access databases. Users can use Access to do whatever that they want to do with the data once they link to the SQL Server database. The company has hundreds and possibly more than a thousand different databases that the users have created on their own. So, putting any kind of code on the end user's side is not an option unfortunately.

    In that case, I don't think you're going to accomplish what you're looking for.

    So far as I know, anything database-level or server-level is going to be receiving a hash of the password, not the actual string. That makes parsing it for things like the company name virtually impossible.

    You can set up policies for the passwords, but Access will just give an error, based on what SQL Server tells it, it won't turn that into something that they can use.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • I wonder if you can write a quick and dirty VB or C# front-end or CLR type of thing to accomplish this.

    The Redneck DBA

  • Can you change the authentication to Windows, eliminating the need for a separate ID and password? Use groups to control access to specific dataabses and tables. That would be my choice, as it eliminates the need to maintain SQL ID's in addition to LAN ID's.

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply