Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

The Voice of the DBA

Steve Jones is the editor of and visits a wide variety of data related topics in his daily editorial. Steve has spent years working as a DBA and general purpose Windows administrator, primarily working with SQL Server since it was ported from Sybase in 1990. You can follow Steve on Twitter at

SQL Authentication – Forcing Password Changes

When you create a SQL Server login (with SQL authentication), you have the option of enforcing password policies from Windows (in SQL Server 2005 and above).


The recommendation is that you check all three and force strong passwords. You also force a password change so the person has a private password not known by the administrator.

If you go back into this account later, and look at the boxes, only 2 are available to be checked. The “User must change password at next login” is grated out.


In order to access this box and force a password change, you need to change the password. The reason is that if the account is compromised, the hacker should not be the one to set a new password. The security model assumes the administrator can contact the legitimate owner offline and give them the new password.

Start typing in the password box, and you can check the box:


Of course you need to set a password that conforms to the policies, and it needs to match the confirm edit box Winking smile

Filed under: Blog Tagged: security, sql server, syndicated


No comments.

Leave a Comment

Please register or log in to leave a comment.