We have a change in policy in the organisation and a password complexity policy will be applied to active directory. I know when Enforce password complexity is checked on a SQL Server login it gets it rules for this via windows.
However I am unsure if it is applied via AD, will this apply to SQL Server via Windows or have no effect?
1 Answer 1
As far as I know, as long as the users have been created with CHECK_POLICY they will inherit it from the domain.
If not, you'll have to enable the policy use for all of them. Or use SQL Server 2012 BPA, as it has a check for this part (2).
The security policy might be set in Windows, or might be received from the domain (1).
https://msdn.microsoft.com/en-us/library/ms161959(v=sql.110).aspx (1)
https://support.microsoft.com/en-us/help/2028712/understanding-password-policy-for-sql-server-logins (2)
-
Thanks, I think I'm struggling with the phrase "The security policy might be set in Windows, or might be received from the domain" as "might" is a bit ambiguous, I cant seem to find any documentation that helps me get a more definitive answer.JonathanF– JonathanF2017年01月24日 12:30:43 +00:00Commented Jan 24, 2017 at 12:30
-
We performed some testing in a isolated environment today and found that SQL Server picks up these rules from Group Policy. (we tested by applying to the Default Domain Policy) As we are applying this only to AD Domain accounts the new rules do not transfer down to SQL Server.JonathanF– JonathanF2017年01月25日 20:27:31 +00:00Commented Jan 25, 2017 at 20:27
Explore related questions
See similar questions with these tags.