Security Question to DBAs

  • Hi have a Stored procedure

    which is having the option to create user like below

    DECLARE @sql NVARCHAR(1000);

    SET @sql = 'CREATE LOGIN ' + @UserName + ' WITH PASSWORD= ''TestUser123'',CHECK_POLICY = OFF'

    EXECUTE(@SQL)

    when Run the above statement in Query Analyzer it is not giving any error.

    When i am calling through ASP.Net application it is giving error.

    Even i tried Hardcode the user name like below in the procedure

    CREATE LOGIN TESTUSER With PASSWORD = 'TestUser123' -- This is working in Query Analyzer but not working from the application.

    The Error Message is

    Password validation failed. The password does not meet Windows policy requirements because it is too short. User does not have permission to perform this action.

    One Additional Information The Database is migrated from SQL server 2000 to 2005

    Any Idea Please ? First of All is it related to DBA?

  • It might be a permission issue.

    When you run the stored procedure through the Query analyzer, You are running it under your account.

    You might be having privileges to create a login.

    When you run through the application , its running under the login you use for connecting the application to the database. It might not have the necessary privileges for creating a login.

  • Create Login requires Server level permissions (system admin or security admin). So be careful in granting those permissions.

  • Thanks for your reply,

    We are using the Integrated authentication which is using my current User id and password to connect to the Database.( the same user which i am using in query Analyzer)

    I am having Security Admin role in the server level.

  • saravanansoft (8/18/2010)


    DECLARE @sql NVARCHAR(1000);

    SET @sql = 'CREATE LOGIN ' + @UserName + ' WITH PASSWORD= ''TestUser123'',CHECK_POLICY = OFF'

    EXECUTE(@SQL)

    .....

    CREATE LOGIN TESTUSER With PASSWORD = 'TestUser123' -- This is working in Query Analyzer but not working from the application.

    The Error Message is

    Password validation failed. The password does not meet Windows policy requirements because it is too short. User does not have permission to perform this action.

    There is a small difference between these statements, you are missing CHECK_POLICY in your application statement. The error message is referring to your group policy settings for password, aka your password is too simple. Either add CHECK_POLICY=OFF or change your password to meet your domain group policy settings.

    [font="Arial"]---

    Mohit K. Gupta, MCITP: Database Administrator (2005), My Blog, Twitter: @SQLCAN[/url].
    Microsoft FTE - SQL Server PFE

    * Some time its the search that counts, not the finding...
    * I didn't think so, but if I was wrong, I was wrong. I'd rather do something, and make a mistake than be frightened and be doing nothing. :smooooth:[/font]

    How to ask for help .. Read Best Practices here[/url].

  • Thanks Gupta, but i am having the Check policy on in my application statement as well.

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply