Question re password policy

  • hi all,

    recently did an install of SQL2005 on windows 2003, using:

    - mixed mode authentication

    - sa login has 'Enforce password policy' by default.

    - defined database user eg 'mydbuser' with SQL server authentication and no password policy enforced (ie uncheck 'Enforce password policy' password boxes) (used for my app)

    if windows account policy (control panel->Administrator tools->Local Security settings) has Maximum password age = 90days, does it affect the sa login password? if the SQL server was left running until 90 days has lapsed, could server deny access by,say by sa user or 'mydbuser' user?

    many thanks,

  • SQLServer will deny access if you have "Enforce password expiration" enabled.  mydbuser will not expire.  sa default will.  If you unchecked "enforce password expiration" it will not.  I take care that at least two people have sysadmin rights as a windows user, so there is no risk of lock out.

    Joachim.

     

  • thanks joachim - just confirming, are you saying sa will expire even if "enforce password expiration" is not checked but "enforce password policy" is checked?

     

  • No.  You have the check "enforce password expiration".  If you uncheck it it will last forever. It is just that if you do nothing it is checked.

  • ok, gotcha,  joachim, thanks for the clarification

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply