Mohit (11/24/2008) Old Password is required if a user was changing the password. If you were changing the password with SysAdmin account it doesn't care.
Yes I was using a sysadmin account to change the password. Thanks for the additional info Mohit. This wasn't clear from BOL.
Could someone elaborate on what "Store password using reversible encryption" is and why it does not apply? I couldn't locate any info to prove it is/is not applicable.
I am not sure if it applies to SQL Server directly ... I found the following article:
Store passwords using reversible encryption http://technet.microsoft.com/en-us/library/cc784581.aspx
EDIT: But since it is a policy setting maybe it can affect it indirectly. Although I am not sure if we are using that on our domain so I cannot confirm if this policy setting has an effect on SQL Server or not.
Thanks ...
---
Mohit K. Gupta, MCITP: Database Administrator (2005), My Blog, Twitter: @SQLCAN. Microsoft FTE - SQL Server PFE
If I recall correctly, "store password with reversible encryption" is used when the domain has NT 4.0 RAS servers. Use of that policy is considered dangerous.
Off the top of my head, I think that policy would affect Windows logins only, because SQL Server uses a one-way hash to store passwords for SQL Server logins.
Dr. Diana Dee (11/23/2008) However, in my experiments, with a SQL Server login having only CHECK_POLICY in effect (but not CHECK_EXPIRATION), when minimum age was set, I could not change the password until then, and with History set I could not change the password to the same one for as many as specified by the History.
That implies that the quote from the article below is incorrect, which is what I used to answer the QOD. Shucks.
http://searchsqlserver.techtarget.com/news/article/0,289142,sid87_gci1102101,00.html
"CHECK_EXPIRATION encompasses minimum and maximum password age, and CHECK_POLICY encompasses all the other policies. When you run afoul of either policy, the SQL Server login must be unlocked by the DBA, as shown shortly in an example."
Interestingly, they included Store Passwords using reversible encryption in the list, but I don't know exactly how that would be (or if it is) implemented with 2K5.
Thank you for the reference. I had not been able to find any articles that were so definitive about which password policies went with which login option.
Hi,
I also disagree like others here, this is what I found on the net:
There are two password options for SQL Server logins: CHECK_EXPIRATION and CHECK_POLICY. CHECK_EXPIRATION encompasses minimum and maximum password age, and CHECK_POLICY encompasses all the other policies. When you run afoul of either policy, the SQL Server login must be unlocked by the DBA, as shown shortly in an example.
//SUN
Is your URL source different from and later than that posted by Chad Crawford? His dates from February 2005.
Per Books Online under the section headed Password Policy
Policy Enforcement
The enforcement of password policy can be configured separately for each SQL Server login. Use ALTER LOGIN (Transact-SQL) to configure the password policy options of a SQL Server login. The following rules apply to the configuration of password policy enforcement:
When CHECK_POLICY is changed to ON, the following behaviors occur:
- CHECK_EXPIRATION is also set to ON unless it is explicitly set to OFF.
- The password history is initialized with the value of the current password hash.
What it doesn't mention is whether complexity is also checked, but I have the suspicion that may be default behaviour.
-d
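
An added example, not part of the original post or of Books Online: T-SQL that sets the two options discussed in this thread on a test login and reads back what each SQL Server login actually enforces. The login name PolicyDemo and all passwords are constructed placeholders.

```sql
-- Added example. PolicyDemo and the passwords are constructed placeholders.
-- Run as a sysadmin on a test instance.
CREATE LOGIN PolicyDemo
    WITH PASSWORD = 'Constructed-Placeholder-1!',
         CHECK_POLICY = OFF,
         CHECK_EXPIRATION = OFF;
GO

-- The combination from the experiment in the thread: policy on, expiration
-- explicitly off. (CHECK_POLICY = OFF with CHECK_EXPIRATION = ON is not supported.)
ALTER LOGIN PolicyDemo WITH CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;
GO

-- Audit view: which SQL Server logins enforce which option, plus the
-- lockout and history state that SQL Server tracks for each of them.
-- Logins with is_policy_checked = 0 sort first.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
       LOGINPROPERTY(name, 'IsExpired')           AS is_expired,
       LOGINPROPERTY(name, 'IsMustChange')        AS must_change,
       LOGINPROPERTY(name, 'BadPasswordCount')    AS bad_password_count,
       LOGINPROPERTY(name, 'HistoryLength')       AS history_length,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
ORDER BY is_policy_checked, is_expiration_checked, name;
GO

-- Password change in the form a login uses for itself: OLD_PASSWORD is supplied.
-- With CHECK_POLICY = ON the Windows policy may reject this statement
-- (for example minimum age or history), which is what the experiment probes.
ALTER LOGIN PolicyDemo
    WITH PASSWORD = 'Constructed-Placeholder-2!'
         OLD_PASSWORD = 'Constructed-Placeholder-1!';
GO

-- Administrative reset that also clears a lockout.
ALTER LOGIN PolicyDemo WITH PASSWORD = 'Constructed-Placeholder-3!' UNLOCK;
GO

-- Remove the test login.
DROP LOGIN PolicyDemo;
GO
```

Re-running the SELECT after each ALTER LOGIN shows how the two flags and the history length change on the instance being tested.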
Books Online never said which policies were associated with which login option. That's why I performed the experiment.