What is the SQL Server SA (Sys Admin) Password Policy & Default Password

April 10, 2022, by IG

If you are searching for the SQL Server SA (Sys Admin) password and policy enforcement, this post might help you.

SQL Server can use Windows password policy mechanisms. The password policy applies to a login that uses SQL Server authentication and to a contained database user with a password. SQL Server can apply the same complexity and expiration policies used in Windows to passwords used inside SQL Server. This functionality depends on the NetValidatePasswordPolicy API.

Note: SQL Database enforces password complexity. The password expiration and policy enforcement sections do not apply to SQL Database.

Password Complexity

Password complexity policies are designed to deter brute force attacks by increasing the number of possible password combinations. When password complexity policy is enforced, new passwords must meet the following guidelines:

- The password does not contain the account name of the user.
- The password is at least eight characters long.
- The password contains characters from three of the following four categories:
  - Latin uppercase letters (A through Z)
  - Latin lowercase letters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphanumeric characters such as exclamation point (!), dollar sign ($), the number sign (#), or percent (%).

Passwords can be up to 128 characters long. Use passwords that are as long and complex as possible.

Password Expiration

Password expiration policies are used to manage the lifespan of a password. When SQL Server enforces a password expiration policy, users are reminded to change old passwords, and accounts that have expired passwords are disabled.

Passwords can be the weakest link in a server security deployment. Take great care when you select a password. A strong password has the following characteristics:

- Is at least eight characters long.
- Combines letters, numbers, and symbol characters within the password.
- Is not found in a dictionary.
- Is not the name of a command.
- Is not the name of a person.
- Is not the name of a user.
- Is not the name of a computer.
- Is changed regularly.
- Is different from previous passwords.

Microsoft SQL Server passwords can contain up to 128 characters, including letters, symbols, and digits. Because logins, user names, roles, and passwords are frequently used in Transact-SQL statements, certain symbols must be enclosed by double quotation marks (") or square brackets ([ ]). Use these delimiters in Transact-SQL statements when the SQL Server login, user, role, or password has the following characteristics:

- Contains or starts with a space character.
- Starts with the $ or @ character.

If used in an OLE DB or ODBC connection string, a login or password must not contain the following characters: [] () , ; ? * ! @ =. These characters are used to either initialize a connection or separate connection values.

Do not use the following prohibited conditions or terms:

- The password field cannot be blank or NULL.
- Do not use these terms:
  - Password
  - Admin
  - Administrator
  - sa
  - sysadmin
  - name of the currently logged in user
  - name of the computer

A strong password must be more than 8 characters in length and satisfy at least three of the following four criteria. It must contain:

- uppercase letters
- lowercase letters
- numbers
- non-alphanumeric characters; for example, #, %, or ^

Remove Password Requirement

Another option is to remove the strong password requirement during SQL Server installation.

1. Navigate to Start > Administrative Tools > Local Security Policy.
2. Expand Account Policies > Password Policy.
3. Right-click on Password must meet complexity requirements.
4. Select Properties > Disabled and click OK.

Policy Enforcement

The password policy enforcement can be configured separately for each SQL Server login. Use ALTER LOGIN (Transact-SQL) to configure the password policy options of a SQL Server login.
The following rules apply to the configuration of password policy enforcement:

- When CHECK_POLICY is changed to ON, the following behaviors occur:
  - CHECK_EXPIRATION is also set to ON unless it is explicitly set to OFF.
  - The password history is initialized with the value of the current password hash.
  - Account lockout duration, account lockout threshold and reset account lockout counter after are also enabled.
- When CHECK_POLICY is changed to OFF, the following behaviors occur:
  - CHECK_EXPIRATION is also set to OFF.
  - The password history is cleared.
  - The value of lockout_time is reset.
- Some combinations of policy options are not supported.
  - If MUST_CHANGE is specified, CHECK_EXPIRATION and CHECK_POLICY must be set to ON. Otherwise, the statement fails.
  - If CHECK_POLICY is set to OFF, CHECK_EXPIRATION cannot be set to ON. An ALTER LOGIN statement that has this combination of options will fail.

Setting CHECK_POLICY = ON prevents the creation of passwords that are:

- Null or empty
- Same as name of computer or login
- Any of the following: "password", "admin", "administrator", "sa", "sysadmin"

The security policy might be set in Windows or received from the domain. To view the password policy on the computer, use the Local Security Policy MMC snap-in (secpol.msc).
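The Policy Enforcement rules above, as an added T-SQL example that is not part of the original article: it lists SQL Server authentication logins that are not fully covered by the password policy, then walks one login through the unsupported and supported option combinations. The login name demo_policy_login and its passwords are constructed placeholders, and a Windows-hosted test instance is assumed.

```sql
-- Added example: demo_policy_login and its passwords are constructed
-- placeholders. Assumes a test instance and ALTER ANY LOGIN permission.

-- 1. Audit: SQL Server authentication logins not fully under the policy.
SELECT  name,
        is_disabled,
        is_policy_checked,        -- state of CHECK_POLICY
        is_expiration_checked,    -- state of CHECK_EXPIRATION
        LOGINPROPERTY(name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set,
        LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration
FROM    sys.sql_logins
WHERE   is_policy_checked = 0 OR is_expiration_checked = 0
ORDER BY name;

-- 2. A login created outside the policy, as a legacy account might be.
CREATE LOGIN demo_policy_login
    WITH PASSWORD = 'Constructed-Sample-Pw-01!',
         CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF;

-- 3. Unsupported combination: expiration without policy. The statement
--    fails, and the CATCH block reports the error the server raised.
BEGIN TRY
    ALTER LOGIN demo_policy_login
        WITH CHECK_POLICY = OFF, CHECK_EXPIRATION = ON;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- 4. Bring the login under the policy, setting both options explicitly.
ALTER LOGIN demo_policy_login
    WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- 5. MUST_CHANGE is accepted only because both options are now ON.
ALTER LOGIN demo_policy_login
    WITH PASSWORD = 'Constructed-Sample-Pw-02!' MUST_CHANGE;

-- 6. Confirm the resulting state, then remove the demonstration login.
SELECT  name, is_policy_checked, is_expiration_checked,
        LOGINPROPERTY(name, 'IsMustChange') AS must_change
FROM    sys.sql_logins
WHERE   name = 'demo_policy_login';

DROP LOGIN demo_policy_login;
```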