SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How do i Set Password Expiration days for a SQL Login


How do i Set Password Expiration days for a SQL Login

Author
Message
haichells
haichells
SSC-Enthusiastic
SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)

Group: General Forum Members
Points: 186 Visits: 468
Hi,

I am creating a Login in code while Installation. I have a requirement now that Login should have Password expiration policy. How do i set this? Please help.

Thanks

Chelladurai
Animal Magic
Animal Magic
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1604 Visits: 13731
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.
haichells
haichells
SSC-Enthusiastic
SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)

Group: General Forum Members
Points: 186 Visits: 468
Hi,

Thanks for your response. Can you please tell me what is this DC....
Animal Magic
Animal Magic
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1604 Visits: 13731
The domain controller (assuming you are running on a windows domain) - ask your network admin what the settings are.
haichells
haichells
SSC-Enthusiastic
SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)

Group: General Forum Members
Points: 186 Visits: 468
Hi,

I need to apply the Expiration policy for SQL Logins. Network domain anyway will maintain windows expiration policy i understand.

My query is can we define expiration days/intervals for Sql Logins.
Animal Magic
Animal Magic
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1604 Visits: 13731
haichells (12/21/2007)
Hi,

I need to apply the Expiration policy for SQL Logins. Network domain anyway will maintain windows expiration policy i understand.

My query is can we define expiration days/intervals for Sql Logins.


Yes you can, but it still takes the settings from the security policy. You cant set anything in sql (as far as i know) that will change the expiration periods of sql logins.
MarkusB
MarkusB
SSCertifiable
SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)SSCertifiable (5.8K reputation)

Group: General Forum Members
Points: 5845 Visits: 4208
Animal Magic (12/21/2007)
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.

You're correct in saying it's defined in the local security policy. But you are wrong in saying that this policy is taken from the Domain Controller. SQL login are treated like local accounts and only the local policy applies to them. Domain policies can overrule local policies for Domain Users, but not for local accounts or SQL accounts.

Markus Bohse
Animal Magic
Animal Magic
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1604 Visits: 13731
ps, search for password policy in BOL.
Animal Magic
Animal Magic
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1604 Visits: 13731
MarkusB (12/21/2007)
Animal Magic (12/21/2007)
It is taken from the local security policy, which by default will be taken from the settings on the DC. You dont actually set these values within SQL.

You're correct in saying it's defined in the local security policy. But you are wrong in saying that this policy is taken from the Domain Controller. SQL login are treated like local accounts and only the local policy applies to them. Domain policies can overrule local policies for Domain Users, but not for local accounts or SQL accounts.


Thanks for clearing that up Markus, i didnt realise at first that we were talking about sql logins only.
haichells
haichells
SSC-Enthusiastic
SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)SSC-Enthusiastic (186 reputation)

Group: General Forum Members
Points: 186 Visits: 468
Hi,

Thanks for all your response. Can you please let me know how to check the local security policy on sql server.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search