Home Forums SQL Server 2008 Security (SS2K8) Enabling "Enforce password expiration" on an account with an old password RE: Enabling "Enforce password expiration" on an account with an old password

  • Sounds like your employer is putting the cart before the horse. If your applications don't have the facility to reset expired passwords then things are going to start breaking when passwords expire. Explain that, for this to work, they need to rewrite those applications. As soon as they realise how expensive that is, they'll allow exceptions so that it becomes workable. For example, how about a policy that only the sa password (which nobody uses to connect, do they?) expires?

    John