Wednesday, March 7, 2012

Password History with CHECK_POLICY and CHECK_EXPIRATION

I've tried to find a definitive answer to this but I cannot. If CHECK_POLICY = ON and CHECK_EXPIRATION = ON will password history be checked when a user changes their password? By password history I mean the idea that a password once used cannot be used again for another X password resets....

If password history does work, why would executing the following statement multiple times then work?

ALTER LOGIN Bob WITH Password = '123User321'

If I execute this statement four times in a row wouldn't I get a message that I cannot reuse the password on the second call?

Thanks in advance

No, password history won't take effect in your example, because what you are doing is resetting the password. You have two methods of changing a password: (1) password change and (2) password reset. Anyone can change his own password - a password change will happen in SQL Server when the OLD_PASSWORD parameter is specified as well. Only grantees of ALTER ANY LOGIN can reset the password of a login (but they would need to have CONTROL SERVER to reset the password of an account that has CONTROL SERVER) - a password reset is what will happen if you don't specify OLD_PASSWORD. Password resets are administrative actions and they bypass password history checks (although they still update the password history).

Thanks
Laurentiu
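The reset-versus-change distinction described in this answer, as an added T-SQL example that is not part of the original thread. The login name and passwords are constructed, and it assumes a test instance where you hold ALTER ANY LOGIN; whether the final change attempt is rejected depends on the Windows password policy (history and minimum age) that SQL Server enforces when CHECK_POLICY = ON.

```sql
-- Constructed demo login and passwords; run only on a test instance.
CREATE LOGIN HistoryDemo
    WITH PASSWORD = 'Constructed#Pass1',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GO

-- Password RESET: no OLD_PASSWORD, so this is an administrative action.
-- The history check is bypassed, which is why repeating the same value works.
ALTER LOGIN HistoryDemo WITH PASSWORD = 'Constructed#Pass1';
ALTER LOGIN HistoryDemo WITH PASSWORD = 'Constructed#Pass1';
GO

-- Password CHANGE: OLD_PASSWORD is supplied, so the policy checks apply.
-- Reusing the current password here is the case history is meant to block.
BEGIN TRY
    ALTER LOGIN HistoryDemo
        WITH PASSWORD = 'Constructed#Pass1'
             OLD_PASSWORD = 'Constructed#Pass1';
    PRINT 'Change accepted: the OS policy is not enforcing history here.';
END TRY
BEGIN CATCH
    PRINT 'Change rejected: ' + ERROR_MESSAGE();
END CATCH;
GO

-- Inspect what the server tracks for the login. HistoryLength is the number
-- of passwords tracked; the resets above still add to it.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'HistoryLength')       AS history_length,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE name = 'HistoryDemo';
GO

DROP LOGIN HistoryDemo;
GO
```

Because resets skip the history check, auditing who holds ALTER ANY LOGIN matters as much as the policy flags themselves.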

|||

That's the information I was looking for!

Thanks.
