locked
How to set check password policy false for all future new users RRS feed

  • Question

  • Hi,

    We are receving an exception when we are creating a user from our application

    "SQL SERVER 2008 password validation failed the password does not meet windows policy requirements because it is too short"

    We know one option is to use "CHECK_POLICY Off" with alter /Create login. But as the users are being created from an application and we can't change the code in that right now.

    Is there any option in SQL Server to "CHECK_POLICY Off" for a database (NOT a single user). So that all future new users will not be check against any password policy.

    Thanks in advance for any suggestions.

    Wednesday, June 19, 2013 7:11 AM

Answers

  • Hi,

    We are receving an exception when we are creating a user from our application

    "SQL SERVER 2008 password validation failed the password does not meet windows policy requirements because it is too short"

    We know one option is to use "CHECK_POLICY Off" with alter /Create login. But as the users are being created from an application and we can't change the code in that right now.

    Is there any option in SQL Server to "CHECK_POLICY Off" for a database (NOT a single user). So that all future new users will not be check against any password policy.

    Thanks in advance for any suggestions.

    Hi Al,

    I don't believe it's possible to globally disable from within SQL Server as this a Windows Policy, not SQL configuration.   I'm assuming there is no possibility to change the code or generate complex password to meet the policy?  

    Does your SQL Server belong to a Domain? It seems likely you belong to a Domain, which would force policy.

    If you don't the policy probably can be modified using this command from RUN or CMD Window

    secpol.msc 

    Account Policies -> Password Policy

    If this does work, it may help you until your next available application code update to fix. It's not really a good practice or even something I would believe forum readers would support in general, but if you're stuck and this works... it could be an interim fix? 

    -Norm



    • Edited by normchan Wednesday, June 19, 2013 10:53 AM Remove text mentioning application design, doesn't add value to this answer
    • Proposed as answer by Sofiya Li Thursday, June 20, 2013 1:51 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 19, 2013 10:47 AM
  • As suggested by Norm u can remove password policy but that could be security risk,this will allow lazy DBA's to create passoword which can be eaisly hacked through social engineering,You might not know but price may be high...If password policy is made , its made keeping security in picture ...

    Thanks


    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

    • Proposed as answer by Sofiya Li Tuesday, July 9, 2013 4:12 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 19, 2013 11:42 AM
  • Hi Al,

    Usually, we recommend that you use password policy mechanisms to maintain a SQL Server security environment. But if you want to use an application to create a new login name successfully by verifying the simple passwords, we suggest writing other applications to generate random passwords. For instance, random password programs always produce a mix of letters, numbers and special characters.Then these random passwords are combined with the simple passwords which you type. It can ensure that the resulting password complies with the password policy.

    Thanks,
    Sofiya Li


    Sofiya Li
    TechNet Community Support

    • Proposed as answer by Sofiya Li Tuesday, July 9, 2013 4:12 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 26, 2013 3:16 AM

All replies

  • Hi,

    We are receving an exception when we are creating a user from our application

    "SQL SERVER 2008 password validation failed the password does not meet windows policy requirements because it is too short"

    We know one option is to use "CHECK_POLICY Off" with alter /Create login. But as the users are being created from an application and we can't change the code in that right now.

    Is there any option in SQL Server to "CHECK_POLICY Off" for a database (NOT a single user). So that all future new users will not be check against any password policy.

    Thanks in advance for any suggestions.

    Hi Al,

    I don't believe it's possible to globally disable from within SQL Server as this a Windows Policy, not SQL configuration.   I'm assuming there is no possibility to change the code or generate complex password to meet the policy?  

    Does your SQL Server belong to a Domain? It seems likely you belong to a Domain, which would force policy.

    If you don't the policy probably can be modified using this command from RUN or CMD Window

    secpol.msc 

    Account Policies -> Password Policy

    If this does work, it may help you until your next available application code update to fix. It's not really a good practice or even something I would believe forum readers would support in general, but if you're stuck and this works... it could be an interim fix? 

    -Norm



    • Edited by normchan Wednesday, June 19, 2013 10:53 AM Remove text mentioning application design, doesn't add value to this answer
    • Proposed as answer by Sofiya Li Thursday, June 20, 2013 1:51 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 19, 2013 10:47 AM
  • As suggested by Norm u can remove password policy but that could be security risk,this will allow lazy DBA's to create passoword which can be eaisly hacked through social engineering,You might not know but price may be high...If password policy is made , its made keeping security in picture ...

    Thanks


    Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers

    • Proposed as answer by Sofiya Li Tuesday, July 9, 2013 4:12 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 19, 2013 11:42 AM
  • HI Chan,

    Thanks for you response. You are right, we can't change the source to provide a complex password through the appliation. 

    And the password policy is coming from domain and we are also not allowd to change that as per company policy.

    Thanks.

    Wednesday, June 19, 2013 10:54 PM
  • Sorry Shanky, I think I was not clear enough, we can't change the source to provide a complex password through the appliation.
    Wednesday, June 19, 2013 10:55 PM
  • Hi Al,

    Usually, we recommend that you use password policy mechanisms to maintain a SQL Server security environment. But if you want to use an application to create a new login name successfully by verifying the simple passwords, we suggest writing other applications to generate random passwords. For instance, random password programs always produce a mix of letters, numbers and special characters.Then these random passwords are combined with the simple passwords which you type. It can ensure that the resulting password complies with the password policy.

    Thanks,
    Sofiya Li


    Sofiya Li
    TechNet Community Support

    • Proposed as answer by Sofiya Li Tuesday, July 9, 2013 4:12 AM
    • Marked as answer by Fanny Liu Tuesday, July 9, 2013 5:42 AM
    Wednesday, June 26, 2013 3:16 AM