September 19, 2007 at 5:22 am
Does any have any advice/scripts/Sp's/options/etc... on enforcing SQL Server login password policies in SQL Svr 2k?
I'm looking to enforce the account lockout duration & account lockout threshold policies in SQL Svr 2k. This functionality is available in SQL Svr 2k5, but not SQL Svr 2k, with the use of the NetValidatePasswordPolicy API in Windows Server 2003. My SQL Svr 2k database servers are running on Windows Server 2003.
Any feedback would be greatly appreciated. Thanks.
September 26, 2007 at 2:46 am
Brad,
you cannot lock out or disable an account in SQL 2000. So even if you would read the error log for failed login attempts, there's no action to block an account for a certain time.
The only thing you can implement is a check for minimum password length. You can find one example of it here: http://www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx
Markus
[font="Verdana"]Markus Bohse[/font]
October 7, 2007 at 9:09 pm
The only thing that I've done in the past is check for a change to the user. When the user changes a password, the data in syslogins is updated (some date in there, change one, check the fields). I've used this in a scan to check if there were no changes in xx days. If so, we sent an email to the individual (need some tracking here). If yyyy days passed without a change, we just changed the pwd to a random entry. That way the person would need to call for a reset and we could just have old accounts "turned off" if they weren't being used.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply