denis_the_thief
Aged Yak Warrior
596 Posts |
Posted - 2014-09-24 : 09:36:07
|
We have a vendor who has several servers connecting to ours. Since we changed the password for their login, they have been unable to update all their logins and several are regularly failing the login, while some are not. So I temporarily unchecked "Enforce Policy Password". So they are happy; I guess the processes they needed, they were able to correctly update the password, and the ones that are constantly failing, they don't need.

I'm debating whether or not to turn "Enforce Policy Password" back on. Any ideas?

What are the benefits of turning this on? The obvious one is that if someone is trying to hack, they'll get only 3 tries. Another one is that this is the best way that when the password changes they are forced to either update all processes and servers using the passwords or turn off what they don't need. On the other hand, we are a development team and we don't have production servers so security, although important, is less critical.

Is there any way to enforce other aspects of the policy but turn off the 3 incorrect attempts and you're locked out? Or to change the attempts before lock-out from 3 to 10? |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-09-24 : 12:03:58
|
SQL Server uses the policy in Active Directory. So if you want to change the lockout value from 3 to 10, you would do that in AD.

Personally I would force the vendor to fix their shit so that you could adhere to best practices.

We use "Enforce password policy" but not "Enforce password expiration".

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/ |
|
|
denis_the_thief
Aged Yak Warrior
596 Posts |
Posted - 2014-09-24 : 13:57:22
|
Thanks, that's awesome.

Plus, their servers are doing this every minute, filling our error log with junk. |
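An added T-SQL example (not posted by anyone in this thread) for the decision discussed above: it lists each SQL login's policy flags and lockout counters, counts failed logins per client address from the current error log, and turns the policy check back on without expiration. The login name `vendor_login` is hypothetical, and the parsing assumes failed-login messages end with the usual `[CLIENT: address]` tag.

```sql
-- Added example. [vendor_login] is a hypothetical login name; substitute your own.

-- 1. Audit SQL logins: which ones have the policy check off, and their lockout state.
SELECT  sl.name,
        sl.is_disabled,
        sl.is_policy_checked,                                   -- "Enforce password policy"
        sl.is_expiration_checked,                               -- "Enforce password expiration"
        LOGINPROPERTY(sl.name, 'IsLocked')            AS is_locked,
        LOGINPROPERTY(sl.name, 'BadPasswordCount')    AS bad_password_count,
        LOGINPROPERTY(sl.name, 'BadPasswordTime')     AS last_bad_password_time,
        LOGINPROPERTY(sl.name, 'LockoutTime')         AS lockout_time,
        LOGINPROPERTY(sl.name, 'PasswordLastSetTime') AS password_last_set
FROM    sys.sql_logins AS sl
ORDER BY sl.is_policy_checked, sl.name;

-- 2. Find which client machines are still sending the old password.
--    Reads the current SQL Server error log (log 0, type 1), keeping only
--    lines that contain both search strings.
IF OBJECT_ID('tempdb..#errlog') IS NOT NULL DROP TABLE #errlog;
CREATE TABLE #errlog (LogDate datetime, ProcessInfo nvarchar(64), LogText nvarchar(max));

INSERT INTO #errlog (LogDate, ProcessInfo, LogText)
EXEC sys.sp_readerrorlog 0, 1, 'Login failed', 'vendor_login';

SELECT  c.client,
        COUNT(*)       AS failures,
        MIN(e.LogDate) AS first_seen,
        MAX(e.LogDate) AS last_seen
FROM    #errlog AS e
-- Position of the client tag; NULL when the line has none, so SUBSTRING returns NULL.
CROSS APPLY (SELECT NULLIF(CHARINDEX('[CLIENT: ', e.LogText), 0) AS p) AS s
CROSS APPLY (SELECT REPLACE(SUBSTRING(e.LogText, s.p + 9, 64), ']', '') AS client) AS c
WHERE   c.client IS NOT NULL
GROUP BY c.client
ORDER BY failures DESC;

DROP TABLE #errlog;

-- 3. Once the remaining clients are fixed or switched off, re-enable the
--    policy check while leaving expiration off.
ALTER LOGIN [vendor_login] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = OFF;

-- 4. Confirm the change took effect.
SELECT name, is_policy_checked, is_expiration_checked
FROM   sys.sql_logins
WHERE  name = 'vendor_login';
```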