Article ID: 2028712 - View products that this article applies to.
Windows Logins abide by the login policies of the underlying Operating System. In SQL Server 2005 and later, SQL Server logins can also adhere to the windows login policies if the operating system version is Windows Server 2003 and later. The parameters specified in the "CREATE LOGIN" T-SQL command dictate if the login policy is enforced. The CHECK_POLICY parameter specifies that the SQL Login must abide by the Windows Login policy and Account Lockout policy which includes the password strength. This option is also available when creating the Login using SQL Server Management Studio.Here is a list of Best Practices for password policy.
Best practices for password policy
· Mandate a strong password policy, including expiration and a complexity policy for your organization.
· Make sure that the password is at least 8 characters long.
· If you must use SQL logins, ensure that SQL Server 2005 runs on the Windows Server 2003 operating system and use password policies.
· Outfit your applications with a mechanism to change SQL login passwords.
· Set MUST_CHANGE for new logins. If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON.
For more information regarding the Password Policy, please refer to the White Paper http://www.microsoft.com/technet/prodtechnol/sql/2005/sql2005secbestpract.mspx
Connecting to SQL Server When System Administrators Are Locked Out
For more information about the products or tools that automatically check for this condition on your instance of SQL Server and on the versions of the SQL Server product, see the following table:
Collapse this tableExpand this table
Article ID: 2028712 - Last Review: April 2, 2012 - Revision: 2.0