locked
SQL Server 2005 Password Policy RRS feed

  • Question

  • I am facing a problem due to Password policy used by MS SQL Server 2005. SQL Server enforces Windows System password policy (secpol.msc) for any Login that you add to database. You can change the setting at login level, not to use System password policy only after login is created. But when you create login - SQL Server expects you to follow the password policy set by system.

    We are provided a vendor script which has userid/password hardcoded and unfortunately , the hardcoded password does not meets the requirements set in Policy Manager. And so the script fails when it tries creating database with error " Password validation failed. The password does not meet windows policy requirements because it is not complex enough.

    Its very difficult for us to disable the password policy as it is defined on domain level , not system level so it will affect all the system in the domain.

    What i am looking for is a way to configure MS SQL Server 2005 not to use windows password policy by default so that whenever a new user is added it should not be required to follow standards set in policy manager.

    Thanks in advance
    Reetesh
    Wednesday, November 18, 2009 9:13 AM

Answers

  • I am not aware of any such options that we can explicitly set in the SQl server settings to not to look at windows/domain policy. Meanwhile can you ask your network /sysadmin guys to remove this box from that domain password policy if your company rules permit that. The last thing would be to talk to your Vendor and remodify the SQL script to reflect check_policy = off in their executables...
    Thanks, Leks
    Wednesday, November 18, 2009 9:56 AM

All replies

  • You may set the CHECK_POLICY to be off in the script . This works only for SQL logins.

    From BOL:

    CHECK_POLICY = { ON | OFF }
    Applies to SQL Server logins only. Specifies that the Windows password policies of the computer on which SQL Server is running should be enforced on this login. The default value is ON.

    Thanks, Leks
    Wednesday, November 18, 2009 9:40 AM
  • thnx Lekss,
     
    We can not change the script ( its actually an executable ), is there a way to tell MS SQL Server 2005 not to use Windows password policy at all ?
    Wednesday, November 18, 2009 9:52 AM
  • I am not aware of any such options that we can explicitly set in the SQl server settings to not to look at windows/domain policy. Meanwhile can you ask your network /sysadmin guys to remove this box from that domain password policy if your company rules permit that. The last thing would be to talk to your Vendor and remodify the SQL script to reflect check_policy = off in their executables...
    Thanks, Leks
    Wednesday, November 18, 2009 9:56 AM