Password policy enforcement - Server or Domain?

  • I'm curious as to how 2005 (and maybe 2008) enforces password policy? For example, if I enter a domain account as a login, it will rely on the domain settings.

    But if I create a SQL login and check the enforce password policy box, and maybe expiration as well, does it rely on the local Windows Server policy or still pick up from the domain. From what I read here, it seems to default to the Server and not the domain, but was curious if this is not always the case.

    Thanks.

    Gaby________________________________________________________________"In theory, theory and practice are the same. In practice, they are not." - Albert Einstein

  • Technically it gets it from the server. However, the catch is the server gets its policy from the default domain policy. So effectively it's the domain, unless the server isn't processing GPOs properly.

    K. Brian Kelley
    @kbriankelley

  • Thanks. So hopefully the windows admins have set it up the server properly. 🙂

    Gaby________________________________________________________________"In theory, theory and practice are the same. In practice, they are not." - Albert Einstein

  • If it's on the domain, generally speaking there are no issues. From my experience administering a domain with several thousand systems, we would only occasionally see GPO issues. And most of the time (95%) they were on workstations where there were other issues going on. The rest of the time was usually a time synch issue (meaning the server wasn't authenticating properly against the domain so it couldn't pull the GPO). So yes, unless they've done something really crazy, you've got nothing to worry about.

    K. Brian Kelley
    @kbriankelley

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply