Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Enforcing customized password policy Expand / Collapse
Author
Message
Posted Tuesday, April 6, 2010 1:03 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, January 6, 2011 9:06 AM
Points: 4, Visits: 12
Our biggest servers run SQL Server 2008 or 2005. A lot of users connect to these servers with MS Access. How can we make sure that the following happens.

1. No one is allowed to use password that matches our company's name.
2. Everyone is somehow forced to reset their default password, even if they connect through MS Access.

I know that there is a checkbox to prompt user to change password at first logon. The problem is that this message is not visible to MS Access users.

Any thoughts?
Post #897835
Posted Tuesday, April 6, 2010 2:51 PM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Friday, June 27, 2014 12:43 PM
Points: 15,444, Visits: 9,596
Can you set up the Access app to handle that for you? I used to manage an Access-on-SQL (sounds like that should be an English town name) application. I know I had options for having startup code check a variety of things with the database, hardware environment, etc.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #897915
Posted Tuesday, April 6, 2010 2:58 PM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 6:43 AM
Points: 1,523, Visits: 2,201
Are you talking SQL authentication or Windows authentication here?

Jason Shadonix
MCTS, SQL 2005
Post #897922
Posted Tuesday, April 6, 2010 5:21 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, January 6, 2011 9:06 AM
Points: 4, Visits: 12
Our department does not create or support those Access databases. Users can use Access to do whatever that they want to do with the data once they link to the SQL Server database. The company has hundreds and possibly more than a thousand different databases that the users have created on their own. So, putting any kind of code on the end user's side is not an option unfortunately.
Post #898019
Posted Tuesday, April 6, 2010 5:22 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, January 6, 2011 9:06 AM
Points: 4, Visits: 12
SQL Server authentication
Post #898020
Posted Wednesday, April 7, 2010 11:34 AM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Friday, June 27, 2014 12:43 PM
Points: 15,444, Visits: 9,596
phiren (4/6/2010)
Our department does not create or support those Access databases. Users can use Access to do whatever that they want to do with the data once they link to the SQL Server database. The company has hundreds and possibly more than a thousand different databases that the users have created on their own. So, putting any kind of code on the end user's side is not an option unfortunately.


In that case, I don't think you're going to accomplish what you're looking for.

So far as I know, anything database-level or server-level is going to be receiving a hash of the password, not the actual string. That makes parsing it for things like the company name virtually impossible.

You can set up policies for the passwords, but Access will just give an error, based on what SQL Server tells it, it won't turn that into something that they can use.


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #898819
Posted Wednesday, April 7, 2010 11:44 AM
SSCommitted

SSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommittedSSCommitted

Group: General Forum Members
Last Login: Yesterday @ 6:43 AM
Points: 1,523, Visits: 2,201
I wonder if you can write a quick and dirty VB or C# front-end or CLR type of thing to accomplish this.

Jason Shadonix
MCTS, SQL 2005
Post #898837
Posted Thursday, April 8, 2010 8:09 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, September 15, 2014 8:29 AM
Points: 360, Visits: 1,965
Can you change the authentication to Windows, eliminating the need for a separate ID and password? Use groups to control access to specific dataabses and tables. That would be my choice, as it eliminates the need to maintain SQL ID's in addition to LAN ID's.
Post #899594
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse