Home Forums Article Discussions Article Discussions by Author Discuss content posted by Dr. Diana Dee Password policies checked by CHECK_POLICY RE: Password policies checked by CHECK_POLICY

  • November 24, 2008 at 4:17 pm

    #902803

    Hrmm...

    Either BOL is wrong or there is a bug (sorry, undocument feature) in SQL Server, either of which is possible.

    One question I do have is whether the windows 2k3 password policies will override the sql expiration off setting.

    specifically (from BOL):

    CHECK_EXPIRATION = { ON | OFF }

    Applies only to SQL Server logins. Specifies whether password expiration policy should be enforced on this login. The default value is OFF.

    CHECK_POLICY = { ON | OFF }

    Applies only to SQL Server logins. Specifies that the Windows password policies of the computer on which SQL Server is running should be enforced on this login. The default value is ON.

    As you can see, Check_Expiration makes no mention of the windows policy but Check_Policy says that it will enforce the windows policy; could it be that Expiration ON is only useful if you want to enforce this regardless of what the windows policy says? Did you test disabling expiration in the windows policy and then playing with the SQL expiration?

    -d