Server Authentication - How To Let User Change Password In Advance Of Expiration Date
Jul 22, 2015
We need to use SQL Server Authentication for some reason and would like to enforce Password Policy with 90-day expiration period. I found "Change password" dialogue appears when I first logged in with the new user, but don't know
(1)what happens when the user failed to change the password before it's expired or
(2)how a user can change his password in advance of the expiration date with no particular server-level permission.
This has to be a simple question for most of you, so here goes.My passwords for sa and another login that I created keep resetting.How can I turn off password expiration in SQL Server 2000?Thanks!MB
I have instaled SQL Server2000 in Administrator user login.My OS is Windows Adavance Server2000. It works Fine. If i change my Administrator Password and Login with the new Password then Sql Server dosn't Run.It says Authentication error if i try to run from service. I belive DBA's in this forum can help me out.
We are experiencing authentication/ Kerberos issues after a password for the MSA's has changed. We use MSA for our SQL 2012 and windows 2012 combination Servers. This errors creates issues while backing up and Service Broker connectivity.We had to restart sql services to fix it, but this not seem to be a resolution for me because the next time the password changes on these MSA's we may have to restart sql services.There seems to be a known issue for windows 2008 R2 servers and fix is available and we incorporated it. But the issue we are facing is on windows 2012 Server.
SQL Server 2005 Express keeps putting in a different password than the one I chose. I would check the properties on the login I want to change. Then I change the password and it gets accepted. When I try my web application, I get the dreaded "login failed for <loginname>". I look at the properties again and see my password never change. Is this a bug? I ever tried this syntax to no avail:
CREATE LOGIN <loginname> WITH PASSWORD='<mypassword>' CHECK_EXPIRATION = OFF, CHECK_POLICY = OFF
This morning I attempted to connect to my local copy of SQL Server (2012) (Win 7) using Windows Authentication. I was unable to do so and per the error log it was due to error 18456 (invalid credentials).
Yesterday I changed my windows password. Is it possible for this to be the cause?
FYI, following is from the error logs:
2015-04-27 10:10:32.98 Backup BACKUP DATABASE successfully processed 0 pages in 0.451 seconds (0.000 MB/sec).2015-04-28 00:00:41.90 spid18s This instance of SQL Server has been using a process ID of 2096 since 4/21/2015 9:08:05 AM (local) 4/21/2015 1:08:05 PM (UTC). This is an informational message only; no user action is required.2015-04-28 09:58:51.16 Logon Error: 18456, Severity: 14, State: 38.2015-04-28 09:58:51.16 Logon Login failed for user 'NT AUTHORITYSYSTEM'. Reason: Failed to open the explicitly specified database 'model'. [CLIENT: xx.xx.xxx.xxx]2015-04-28 17:09:59.87 Server SQL Server is terminating because of a system shutdown. This is an informational message only. No user action is required.
The logs showed the error occurred yesterday (4/28) which is about when I changed my password. The 17:09 log (last one) is when I shut down my computer. Note that I was logged into SQL Server when I changed my Windows password and worked with it several times through out the day.
Also, per the configuration manager SQL Server (MSSQLSERVER) (and all other services) is stopped and I was unable to start it ("The request failed or the service did not respond in a timely fashion).
I'm trying to connect to a SQL Server 2005 database engine on a local network server. When I am presented with the Connect to Server dialog box, if I select Windows Authentication from the Authentication drop-down, the User name & Password area is grayed out and unusable. The domain user account I'm authenticated with is visible, but grayed out, and the password field is blank and unusable. I'd like to be able to connect as described in help:
User name
Enter the user name to connect with. This option is only available if you have selected to connect using Windows Authentication.
I can connect with either SQL Server or Windows authentication... but with Windows Authentication I'd love to be able to type a specific user name to select with :-)
I newly installed SQL Server 2005 .I did not mention any username and password during installation.But now i want to specify one.Can you tell me how to do so .My Operating System is WindowsXp.
SQL Server 2005 Express will not allow me to change the password for my login user. I tried deleting the user and re-creating the user. Another password is being put in although the password I put in was accepted. I even test to see what would happen if I left the password blank. It got accepted. But when I look at the password for my login user again, a different and much longer password was put in. I even tried this T-SQL statement:
CREATE LOGIN <loginname> WITH PASSWORD='<passwordname>', CHECK_EXPIRATION = OFF, CHECK_POLICY = OFF
Theres a script that the SQL workprogram instructs someone to run which shows the last change date for a users password. Within the results of the script theres two rows of dates and I would like to know which date indicates the "last password change date"
I have an application that controls user logins, passwords, etc. at the front end for a SQL database. I am in the stage of migrating to SQL2005 and cannot get the TSQL code to allow a user to change their own password. Here's the background;
The ADMIN of the app is a Sysadmin on the SQL server and can create logins, set roles, etc. Assume the Admin creates a user TOM with a password of xxxx. This works fine using the create login statement from a Connect.Execute statement from my app like so;
When TOM logins into my app, he will have to change his password at some point. The TSQL code I am using (which fails) is executed by TOM who has a connection to the SQL db because he is logged into the app.
"Alter Login TOM With Password = 'xxxx' Old_Password = 'xxxxx', Check_Policy = OFF"
At this point I get an error:
RunTime error -2147217900 (80040e14) ODBC SQL Server Driver][SQL Server] Cannot alter the login 'TOM', becuase it does not exist or you do not have permission.
Obviously it exists since TOM is currently logged into the SQL Server. So if it's permissions related, what permissions does a user need to change his/her password? Or is there another way to do it?
I am building a winforms .net 3.5 application which connects to a SQL Server 2005 database with SQL server authentication. Is it possible to access the SQL Server password policy and expiration through the .NET 3.5 framework? I would like add the following functionality to my login form:
Ensure passwords meet policy standard.
Prompt a user to change their password when it is due to expire in 5 days or less. Thanks in advance.
Numerous articles (e.g., http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp, even one that I wrote, http://www.dbazine.com/sql/sql-articles/cook12) state that to secure SQL Server, the SQL Server services should not run as Local System. That advice is useful only if making the change is not overly disruptive or is even allowable. My two most recent clients have absolutely rigid password expiration policies that require all account passwords to be changed at regular intervals. Realistically, that makes a compelling case for running as Local System.
I have two tables totally unrelated but give the same information, the difference is the duration. I need to create a stored procedure that will give the recent issue dates only, accept if they have already expired. I'm not exactly sure how to do that. We only want the employees to see the current issue date as long as the exclusion has not expired. Can anyone help please. What needs to happen is that the employees need to see only the exclusions that have expired which is based on the Expiration Date.
AS SELECT [dbo].[30 Day exclusion].[First Name], [dbo].[30 Day exclusion].[Last Name], [dbo].[30 Day exclusion].[Issue Date], [dbo].[Extended Exclusions].[First Name], [dbo].[Extended Exclusions].[Last Name], [dbo].[Extended Exclusions].[Issue Date] FROM [dbo].[30 Day exclusion] INNER JOIN [dbo].[Extended Exclusions] ON [dbo].[Extended Exclusions].[ID] = [dbo].[30 Day exclusion].[id] WHERE (@StartIssueDate is null or [Issue Date] >= @StartIssueDate) AND (@EndIssueDate is null or [Issue Date] <= @EndIssueDate) AND (@Enter_LastName is null or [Last Name] = @Enter_LastName) ORDER BY [Last Name]
I have a question on how the retain parameter works for Backups. If I have a nightly full backup for a database and have retain = 10, does that mean on the 11th day the very first backup will be purged? Will the 11th backup attempt to take up some of the space that was occupied by that first backup? It seems that the 11th backup would be too large for the space that the first backup was taking up. I am fairly new to backups with SQL Server and want to ensure I am setting this up properly. Our goal is to keep backups for 10 days only.
I have a table containing several date fields in which certain events happened, and I need to be able to find the expiration date for renewal. The expiration dates are at the end of the 6th, 12th, or 24th month after the event occurred, depending on the event.
Is there a way to return in a query the last day of month x following a date field? For instance, if the date '3/12/2006' is stored in the field for a 12-month expiration, I need to return '3/31/2007'.
This may seem like a stupid question but i am trying to get the hang of the new security model.
I have not really heard anything mentioned about certficate expiration date when it comes to creating certificates for keys or service broker endpoints etc.
We have created certificates for keys and service broker endpoints, now what exactly happens when the expiration date, by default 1 year i think is reached, will we no longer be able to decrypt encrypted data and will the service broker endpoints stop working etc ?
Or is this expiration date when the certificate can no longer be used to create security objects ? And all security objects already created with this certificate will always work ?
In other words is there ever danger that keys and endpoints or basically any object referrencing this certificate will just suddenly stop working one day, or will all objects work indefinately regardless of an certificate/objects expiration date ?
My goal is to write a DR plan where i am restoring all user databases onto a diffrent server in a event of hardware failure. I was trying to figure out a way to extract DDL of user accounts and their permissions on all user databases so i can simplify my DR documentation.
This is the plan I came up with...to restore all system and user dbs on a different Physical SQLServer.
1. build named instance $PROD
2. restore master database
- startup sqlserver in single user mode -m or DAC sqlcmd -S ServerName -U sa -P<xxx> –A net stop MSSQLSERVER$PROD net start MSSQLSERVER$PROD -m - restore database master from disk e:master.bak with replace;
3. start sqlserver normally
4. stop SQLServer agent
5. restore msdb
-restore database msdb disk e:msdb.bak with replace;
First question: I have sql server 2005 enterprise eval edition installed. is there a query, command or tool can tell me the exact expiration date? I understand it is 180 day but I still want some way to query the exact date.
Second question: does sql server log any warning message before eval expires?
Is there any way I can check the remaining time before I must upgrade an SQL Server 2000 Evaluation Edition? I thought I had made a note about which day it was. Can I rely upon the file date for uninstallation file in Programs/etc ?
I would like to filter records with in effective date and expiration date; If there is no record within that range, then check for grace period records ( effective date -30 days and expiration date + 90 days)
Below is the detailed script for sample data...
declare @tab table ( sno int identity, name varchar(100), EFFECTIVE_DATE date, EXPIRATION_DATE date) insert into @tab (name, EFFECTIVE_DATE , EXPIRATION_DATE ) SELECT 'chandu', GETDATE(), NULL union all SELECT 'chandu', '2014-02-11 00:00:00' , '2014-03-20 00:00:00' union all SELECT 'AAA', '2014-01-11 00:00:00' , '2014-05-11 00:00:00' union all
We are maintaining a database of drivers, and we are looking for a script or procedure that will automatically notify certain users of the list of drivers who are in need of a recheck or driver's license has expired. I am new to this , so any help you can give would be greatly appreciated
Hello- I recently inherited a SQL 2005 Standard database that I am being asked to change the Server authentication mode for. SQL system is managing a local database for Microsoft Systems Management Server 2003. Currently the system is running in SQL Server & Windows authentication mode. I am going to change it to Windows Authentication mode. Can someone point me to a checklist I could refer to before I make the change to be sure I don't take down my database?
Hi,Does anyone here know whether it is possible to change theauthentication method of a SQL server instance programmatically, ratherthan going through enterprise manager.I am using SQL-DMO (under C#) for some other things, but thedocumentation is so bad that I can't find out whether what I want to docan be done. I have also tried googling but came up empty handed.I hope that someone can help me.CheersJono
I installed SQL Server 2005 using Windows Authentication Mode (Windows Authentication)"
How can I change the Authentication Mode of the SQL server from "Windows Authentication Mode (Windows Authentication)" to "Mixed Mode (Windows Authentication and SQL Server Authentication)"?
Does anyone know how to return a date the sql query analyser like (Aug 2, 2004)
Right now, the following statement returns (Aug 2, 2004 8:40PM). This is now good because I need to do a specific date search that doesn't include the time.
Hi, I'm using the SQL Server Everywhere CTP on the desktop and haven't used SQL Server Mobile in the past.
I'm having some difficulty determining whether it's possible to change a SQL Server Everywhere database's password. Obviously authentication on a file-based SQL Server Everywhere database differs from that of server-based SQL Server database. Is it possible to change a SQL Server Everywhere database's password?
That said, I feel like I've made a decent search of the to change a SQL Server Everywhere books online. If it's not possible to change the password in place (i.e., without copying all data to a new file with a different password), please count this as a vote to add that functionality. Making a database password "permanent" lessens its effectiveness. Thanks,
