November 7, 2006 at 9:35 pm
hi all,
recently did an install of SQL2005 on windows 2003, using:
- mixed mode authentication
- sa login has 'Enforce password policy' by default.
- defined database user eg 'mydbuser' with SQL server authentication and no password policy enforced (ie uncheck 'Enforce password policy' password boxes) (used for my app)
if windows account policy (control panel->Administrator tools->Local Security settings) has Maximum password age = 90days, does it affect the sa login password? if the SQL server was left running until 90 days has lapsed, could server deny access by,say by sa user or 'mydbuser' user?
many thanks,
November 8, 2006 at 1:48 am
SQLServer will deny access if you have "Enforce password expiration" enabled. mydbuser will not expire. sa default will. If you unchecked "enforce password expiration" it will not. I take care that at least two people have sysadmin rights as a windows user, so there is no risk of lock out.
Joachim.
November 8, 2006 at 4:50 pm
thanks joachim - just confirming, are you saying sa will expire even if "enforce password expiration" is not checked but "enforce password policy" is checked?
November 9, 2006 at 1:18 am
No. You have the check "enforce password expiration". If you uncheck it it will last forever. It is just that if you do nothing it is checked.
November 9, 2006 at 11:26 pm
ok, gotcha, joachim, thanks for the clarification
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply