December 21, 2007 at 1:49 am
Hi,
I am creating a Login in code while Installation. I have a requirement now that Login should have Password expiration policy. How do i set this? Please help.
Thanks
Chelladurai
December 21, 2007 at 1:53 am
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.
December 21, 2007 at 2:01 am
Hi,
Thanks for your response. Can you please tell me what is this DC....
December 21, 2007 at 2:13 am
The domain controller (assuming you are running on a windows domain) - ask your network admin what the settings are.
December 21, 2007 at 2:20 am
Hi,
I need to apply the Expiration policy for SQL Logins. Network domain anyway will maintain windows expiration policy i understand.
My query is can we define expiration days/intervals for Sql Logins.
December 21, 2007 at 2:38 am
haichells (12/21/2007)
Hi,I need to apply the Expiration policy for SQL Logins. Network domain anyway will maintain windows expiration policy i understand.
My query is can we define expiration days/intervals for Sql Logins.
Yes you can, but it still takes the settings from the security policy. You cant set anything in sql (as far as i know) that will change the expiration periods of sql logins.
December 21, 2007 at 2:39 am
Animal Magic (12/21/2007)
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.
You're correct in saying it's defined in the local security policy. But you are wrong in saying that this policy is taken from the Domain Controller. SQL login are treated like local accounts and only the local policy applies to them. Domain policies can overrule local policies for Domain Users, but not for local accounts or SQL accounts.
[font="Verdana"]Markus Bohse[/font]
December 21, 2007 at 2:41 am
ps, search for password policy in BOL.
December 21, 2007 at 2:43 am
MarkusB (12/21/2007)
Animal Magic (12/21/2007)
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.You're correct in saying it's defined in the local security policy. But you are wrong in saying that this policy is taken from the Domain Controller. SQL login are treated like local accounts and only the local policy applies to them. Domain policies can overrule local policies for Domain Users, but not for local accounts or SQL accounts.
Thanks for clearing that up Markus, i didnt realise at first that we were talking about sql logins only.
December 21, 2007 at 4:48 am
Hi,
Thanks for all your response. Can you please let me know how to check the local security policy on sql server.
October 5, 2010 at 8:31 am
Hi! Does anybody know how I can get a notification that someone's password will expire in another n days? or to trigger an SP to take action n days before expiry? I'm assuming an SQL server login with Enforce Password Policy and Enforce Password Expiration. Thanks in advance ...
October 5, 2010 at 8:33 am
No need to cross post 🙂
http://www.sqlservercentral.com/Forums/Topic435492-149-1.aspx
October 5, 2010 at 8:54 am
@ mike
/* users, locked or not, and days until expiration */
use master;
go
set nocount on;
go
declare @loginname varchar(200);
declare @logintbl table (
LoginName varchar(20) ,
IsLocked char(5) ,
DaysUntilExpiration int);
declare c_logins cursor
for
select [name] from sys.syslogins
where name in (
select USERID from DYNAMICS..SY01400);
open c_logins;
fetch next from c_logins into @loginname;
while @@FETCH_STATUS = 0
begin
insert @logintbl(LoginName, IsLocked, DaysUntilExpiration)
select
@loginname
,case convert(smallint, LOGINPROPERTY(@loginname, 'IsLocked')) when 0 then 'No' when 1 then 'Yes' end
,convert(int, LOGINPROPERTY(@loginname, 'DaysUntilExpiration'));
fetch next from c_logins into @loginname;
end
close c_logins;
deallocate c_logins;
select * from @logintbl;
go
set nocount off;
go
Regards
Sushant Kumar
MCTS,MCP
October 7, 2010 at 3:24 am
Thanks SKYBVI for your detailed answer! It's exactly what I needed. 🙂
October 7, 2010 at 3:31 am
Oops! I stand corrected :blush: and thanks, Oliiii, for the link toLOGINPROPERTY you provided me in the other thread.
Viewing 15 posts - 1 through 14 (of 14 total)
You must be logged in to reply to this topic. Login to reply