August 15, 2017 at 3:26 pm
Hi
When a sqlserver authenticated login is set to check_expiration=on, when will the user have to change its password? will it be automatically prompted after a certain number of days? or how does it work?
thanks in advance...
August 15, 2017 at 5:32 pm
caz100 - Tuesday, August 15, 2017 3:26 PMHiWhen a sqlserver authenticated login is set to check_expiration=on, when will the user have to change its password? will it be automatically prompted after a certain number of days? or how does it work?
thanks in advance...
It's picked up from the local policy on the server which would be pushed down from the Group Policies. So it uses what is used in the windows domain. If you wanted to check what is set, from the server go to Local Security Policy (or run secpol.msc) to Account Policies to Password Policies.
Depending on how the user connects, they can get notified when it has expired and is prompted to enter a new password. There are a too many different ways on how this is or isn't support so I just refer to the documentation on it:
Changing Passwords Programmatically
Some places prefer to use a script, stored procedure to notify users when their password will expire in xx number of days. And in that case, you need a way to determine the password either by querying AD if you have access, storing it in a database or some other means. How or what you can do varies by company.
Sue
August 16, 2017 at 2:15 am
Thanks Sue
That is very useful. I was aware the the windows authenticated password expiry would come from some sort of group policy but wasn't aware that the sqlserver authenticated ones would be picked up locally by the windows server settings.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply