Brian,

Great Article, good examples. I like a lot that it points out differences between 7/2000 and 2005.

As a comment, there was probably one typo:

"............In order to turn on policy checking and password expiration, additional options must be specified. Those additional options are:

• SID = SID
• DEFAULT_DATABASE = default database
• DEFAULT_LANGUAGE = default language
• CHECK_EXPIRATION = { ON | OFF}
• CHECK_POLICY = { ON | OFF}
• CREDENTIAL = credential name

................"

I think you meant to say that in order to turn on policy checking and password expiration SOME of the additional options should be specified.  Please, correct me if I am not right and ALL of the above options should be specified for pasword expiration check.

I actually have a question regarding a similar issue. I'm trying to migrate from SQL 2000 to SQL 2005. I need to migrate my windows Logins and SQL logins to SQL 2005 server. I wrote a script to get my SQL logins with their SID's over to SQL 2005 box. Can I also migrate their passwords???

Also, for Windows logins, if I'm trying to migrate them, do I need to care about their SID's? Thank you

Tej

Question?

If I disable a Windows login in SQL Server and I happen to have domain admin permissions, does this disable the login  on the domain?  I tried to disable a group of windows logins in sql and I got permission denied.  I am not an admin in the domain which is why I imagine this happened.

This is scary functionality especially if the windows ids and groups are used beyond SQL.

Susan

It's really awesome article for the beginners in SQL Server 2005 security.

Bhushan