Welcome to dbForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Password complexity

  
   Database Forums (Home) -> Security RSS
Next:  HELP: problem with $_POST in my server.  
Author Message
MangroveMtn

External


Since: Oct 19, 2008
Posts: 2



(Msg. 1) Posted: Sun Oct 19, 2008 10:16 pm
Post subject: Password complexity
Archived from groups: microsoft>public>sqlserver>security (more info?)
We sell a third party application that uses SQL 2005 as a back end. It has
internal user accounts and creates a matching SQL Login when a user account
is created. The default password is not complex and when password complexity
testing is enabled on the SQL Server, it causes the process to fail.

I'm looking for a way to disable password policy checking just on the SQL
Server.

My research indicated that it is set in Group Policy, but I haven't found a
way to disable it for SQL Server without also disabling it for Users and
Computers....

Any thoughts?

In advance let me say that I understand that it may not be good from a
security point of view, and I know that I can script the creation of the
matching SQL Logins (I had to do 20 today) with or without security policy
enabled.

Thanks,

 >> Stay informed about: Password complexity 
Back to top
Login to vote
Dan Guzman1

External


Since: Aug 22, 2004
Posts: 469



(Msg. 2) Posted: Mon Oct 20, 2008 6:26 am
Post subject: Re: Password complexity [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
> My research indicated that it is set in Group Policy, but I haven't found
> a
> way to disable it for SQL Server without also disabling it for Users and
> Computers....

SQL Server will honor the OS complexity requirements unless you override
this on the CREATE LOGIN. For example:

CREATE LOGIN AppLogin
WITH
PASSWORD = 'not complex enough',
CHECK_POLICY = OFF;


--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"MangroveMtn" wrote in message

> We sell a third party application that uses SQL 2005 as a back end. It
> has
> internal user accounts and creates a matching SQL Login when a user
> account
> is created. The default password is not complex and when password
> complexity
> testing is enabled on the SQL Server, it causes the process to fail.
>
> I'm looking for a way to disable password policy checking just on the SQL
> Server.
>
> My research indicated that it is set in Group Policy, but I haven't found
> a
> way to disable it for SQL Server without also disabling it for Users and
> Computers....
>
> Any thoughts?
>
> In advance let me say that I understand that it may not be good from a
> security point of view, and I know that I can script the creation of the
> matching SQL Logins (I had to do 20 today) with or without security policy
> enabled.
>
> Thanks,

 >> Stay informed about: Password complexity 
Back to top
Login to vote
MangroveMtn

External


Since: Oct 19, 2008
Posts: 2



(Msg. 3) Posted: Mon Oct 20, 2008 6:53 am
Post subject: Re: Password complexity [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Thanks for the reply Dan. I guess you're telling me No. Shame.

The third party application is supposed to handle this automatically to
allow non-technical users to be insulated from SQL Server. Works fine on a
SQL Installation where the password complexity policy is not enabled, but it
was developed for SQL 2000 and they haven't rewritten it yet to allow for it.

As I mentioned, I scripted the creation of 20 of them yesterday, in exactly
the way you've described.

Anyway, I appreciate the feedback!

"Dan Guzman" wrote:

> > My research indicated that it is set in Group Policy, but I haven't found
> > a
> > way to disable it for SQL Server without also disabling it for Users and
> > Computers....
>
> SQL Server will honor the OS complexity requirements unless you override
> this on the CREATE LOGIN. For example:
>
> CREATE LOGIN AppLogin
> WITH
> PASSWORD = 'not complex enough',
> CHECK_POLICY = OFF;
>
>
> --
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
> http://weblogs.sqlteam.com/dang/
>
> "MangroveMtn" wrote in message
>
> > We sell a third party application that uses SQL 2005 as a back end. It
> > has
> > internal user accounts and creates a matching SQL Login when a user
> > account
> > is created. The default password is not complex and when password
> > complexity
> > testing is enabled on the SQL Server, it causes the process to fail.
> >
> > I'm looking for a way to disable password policy checking just on the SQL
> > Server.
> >
> > My research indicated that it is set in Group Policy, but I haven't found
> > a
> > way to disable it for SQL Server without also disabling it for Users and
> > Computers....
> >
> > Any thoughts?
> >
> > In advance let me say that I understand that it may not be good from a
> > security point of view, and I know that I can script the creation of the
> > matching SQL Logins (I had to do 20 today) with or without security policy
> > enabled.
> >
> > Thanks,
>
>
 >> Stay informed about: Password complexity 
Back to top
Login to vote
Display posts from previous:   
   Database Forums (Home) -> Security All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]