
Wednesday, March 7, 2012

Password History with CHECK_POLICY and CHECK_EXPIRATION

I've tried to find a definitive answer to this but I cannot. If CHECK_POLICY = ON and CHECK_EXPIRATION = ON will password history be checked when a user changes their password? By password history I mean the idea that a password once used cannot be used again for another X password resets....

If password history does work, why would executing the following statement multiple times then work?

ALTER LOGIN Bob WITH Password = '123User321'

If I execute this statement four times in a row wouldn't I get a message that I cannot reuse the password on the second call?

Thanks in advance

No, password history won't take effect in your example, because what you are doing is resetting the password. You have two methods of changing a password: (1) password change and (2) password reset. Anyone can change his own password - a password change will happen in SQL Server when the OLD_PASSWORD parameter is specified as well. Only grantees of ALTER ANY LOGIN can reset the password of a login (but they would need to have CONTROL SERVER to reset the password of an account that has CONTROL SERVER) - a password reset is what will happen if you don't specify OLD_PASSWORD. Password resets are administrative actions and they bypass password history checks (although they still update the password history).

Thanks
Laurentiu

|||

That's the information I was looking for!

Thanks.
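
The reset-versus-change distinction from the answer above, as an added T-SQL example that is not part of the original thread. The login name HistoryDemo and the passwords are constructed, and the outcome of step 2 depends on the Windows password policy in effect on the server (history length, minimum password age).

```sql
-- Added example, not from the thread. HistoryDemo and all passwords are constructed.
-- Run on a test instance as a principal holding ALTER ANY LOGIN.
CREATE LOGIN HistoryDemo
    WITH PASSWORD = 'Constructed#Pw1',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GO

-- Confirm both options are enabled and see how many passwords are tracked.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'HistoryLength')       AS history_length,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE name = 'HistoryDemo';
GO

-- 1) Password RESET: OLD_PASSWORD is omitted. This is the administrative path;
--    per the answer above it bypasses the history check, so repeating the
--    same value succeeds (the history is still updated).
ALTER LOGIN HistoryDemo WITH PASSWORD = 'Constructed#Pw2';
ALTER LOGIN HistoryDemo WITH PASSWORD = 'Constructed#Pw2';
GO

-- 2) Password CHANGE: OLD_PASSWORD is supplied. This is the path on which
--    the Windows policy, including password history, is evaluated.
BEGIN TRY
    ALTER LOGIN HistoryDemo
        WITH PASSWORD = 'Constructed#Pw1' OLD_PASSWORD = 'Constructed#Pw2';
    PRINT 'Change accepted: the Windows policy in effect did not block this reuse.';
END TRY
BEGIN CATCH
    PRINT 'Change rejected: ' + CAST(ERROR_NUMBER() AS varchar(10))
          + ' ' + ERROR_MESSAGE();
END CATCH;
GO

-- Clean up the test login.
DROP LOGIN HistoryDemo;
GO
```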

Password History in SQL Server

I know that there is a rule in SQL Server password naming that last n number
of password cannot be used. Can anyone tell me how much is this n?
Thanks in advance

Hi
SQL Server 7.0, 2000 and 2005 do not keep password history.
If you have a need for this, use NT Integrated Security and then that is
done at AD level.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"SRV" <SRV@.discussions.microsoft.com> wrote in message
news:CB0A689E-7AB6-47FA-AADD-8F774F390974@.microsoft.com...
>I know that there is a rule in SQL Server password naming that last n
>number
> of password cannot be used. Can anyone tell me how much is this n?
> Thanks in advance

> SQL Server 7.0, 2000 and 2005 do not keep password history.
Mike, I believe SQL 2005 indirectly provides a password history policy under
Windows 2003 when the CHECK_POLICY option is ON. SQL Server calls the
Windows NetValidatePasswordPolicy API to enforce local server password
policies.
Hope this helps.
Dan Guzman
SQL Server MVP
"Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
news:uJZeRYw5FHA.2984@.TK2MSFTNGP14.phx.gbl...
> Hi
> SQL Server 7.0, 2000 and 2005 do not keep password history.
> If you have a need for this, use NT Integrated Security and then that is
> done at AD level.
> Regards
> --
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
> IM: mike@.epprecht.net
> MVP Program: http://www.microsoft.com/mvp
> Blog: http://www.msmvps.com/epprecht/
> "SRV" <SRV@.discussions.microsoft.com> wrote in message
> news:CB0A689E-7AB6-47FA-AADD-8F774F390974@.microsoft.com...

That is right: On Windows 2003, SQL Server 2005 can enforce the Windows
password policy. The password history length is determined by the Windows
policy in that case. You can display the policy settings by running
secpol.msc.
Thanks
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dan Guzman" wrote:

> Mike, I believe SQL 2005 indirectly provides a password history policy under
> Windows 2003 when the CHECK_POLICY option is ON. SQL Server calls the
> Windows NetValidatePasswordPolicy API to enforce local server password
> policies.
> --
> Hope this helps.
> Dan Guzman
> SQL Server MVP
> "Mike Epprecht (SQL MVP)" <mike@.epprecht.net> wrote in message
> news:uJZeRYw5FHA.2984@.TK2MSFTNGP14.phx.gbl...