Using DDL Trigger

,

Purpose: Restrict to Create / Alter logins with blank passwords irrespective of "Enforce password security" enabled / disabled.

Execute the above script . Try to Create / Alter password with a blank password. It will not allow you to create the same.

If anyone has a better solution, then please free to contact me.

CREATE TRIGGER Trg_EnforceNoBlankPassword
on ALL SERVER
FOR CREATE_LOGIN, ALTER_LOGIN
AS 
		
BEGIN
		DECLARE @ObjName AS VARCHAR(256), @PWD AS VARCHAR(256)

		SELECT @ObjName = EVENTDATA().value('(/EVENT_INSTANCE/ObjectName )[1]','nvarchar(max)')

		SELECT @Pwd = PWDCOMPARE('',PASSWORD)
		FROM master..syslogins 
		WHERE Name = @ObjName

		IF @PWD = 1
		BEGIN
				RAISERROR ('PASSWORD CANNOT BE BLANK' , 18, 1)
				ROLLBACK
		END
END

Rate

5 (1)

Share

Share

Rate

5 (1)