April 21, 2005 at 7:51 am
I'm a newbie on SQLServer. The SO auditors are asking about a profile configuration file.
Is there a file or area to set things like length of password, login attempts etc in sqlserver 200 for sql authentication?
(Windows authentication is not the issue or used in this case)
Thanks!
April 21, 2005 at 10:18 am
No, SQL Server 2000 does not enforce any kind of policy on SQL account passwords. I didn't have the pleasure of dealing with an actual audit, but our compliance dept wanted to gather this information, just in case...
Basically what I had to do is to show that we had written policies about users and passwords; and that our servers were secured so that only our DBA's had the ability to create/modify users and passwords; and that our DBA's were all aware of, and complied with the policies.
/*****************
If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek
*****************/
May 13, 2005 at 4:49 pm
Thanks for the info!
May 16, 2005 at 9:49 pm
For what it is worth, Yukon does enforce all manner of password related checks based in the relevant Windows policy.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply