Hi,
did anybody tri force password policy by modifing
sp_addlogin
and
sp_password
Raising custom error if password to be inserted or cnanged does not meet company policy.
Why microsoft did not add this condition in code?
Thank you
Alex
I am receiving the following error message when attempting to create a new SQL Authenticated login id.
Password validation failed. The password does not meet the requirements of the password filter DLL. (Microsoft SQL Server, Error: 15119)
I have four servers all running SQL Server 2005 SP2 on Windows 2003 Ent. SP1. Of the four servers, only one received the above error message using the same TSQL below.
CREATE LOGIN TEST_LOGIN WITH PASSWORD = 'pvif9dal' MUST_CHANGE, CHECK_EXPIRATION = ON
All four servers are in the same domain, which if I understand correctly, the password policies are therefore inherited at the OS level by the domain. The password being used is within the password policies of the domain.
Any ideas as to a root cause?
I tried to install an ALLDATA database which run with SQL Server 2005 express edition. The data base fails to install becase of the following code that come up which is related to AS password requirement. The error that come up is:
TITLE: Microsoft SQL Server 2005 Setup
------------------------------
The sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=setup.rll&EvtID=28001&EvtType=sqlca%5csqlcax.cpp%40SAPasswordPolicyCheck%40SAPasswordPolicyCheck%40x6d61
------------------------------
BUTTONS:
&Retry
Cancel
------------------------------
I am trying to install this database in a network server operating under Windows Server 2003 R2 with SP2. If anyone knows how to solve this problem, please let me.
Thanks,
Amilcar
I'm trying to add the following user to my test enviroment using the following command:-
EXEC sp_addlogin OPICS, MASTER123456, OPXNEX
However, I'm getting the following error:-
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.
How can I disable Enforce password policy?
Hi all,We recently started to receive complaints about our install project notworking and giving and shitload of error messages related to SQL. Welater found out that the problem was the users we were trying to bindto we're not created because of the domain password policy featureimplemented into SQL Server 2005.After much dabbling around the SQL scripts that created the databasestructure, we came to the conclusion that only this piece of code couldcorrect our problem :CREATE LOGIN mynewuser WITH PASSWORD = '', CHECK_POLICY = OFF,CHECK_EXPIRATION = OFFThis runs perfectly fine on SQL2005, but not on SQL2000. We have beensearching for a way to have code in SQL files executed on install thatdoesn't fail to compile when run against the server and that willbypass the password policy in case it's a SQL Server 2005...Right now we are testing a feature available in MSI that can filterscripts not matching a database version, but the problem with this, isthat we are missing a lot of features that InstallShield has. In short,we need Help to fix this issue and be able to continue withdevelopment.In hopes to receive a a prompt anwser
View 3 Replies View RelatedWe run a few shared hosting servers in the UK, now we used to run mssql 2000 and moved to 2005 in december 2005.
Microsoft SQL 2005 9.00.1399.06
Microsoft SQL Server Management Studio 9.00.1399.00
Microsoft Analysis Services Client Tools 2005.090.1399.00
Microsoft Data Access Components (MDAC) 2000.086.1830.00 (srv03_sp1_rtm.050324-1447)
Microsoft MSXML 2.6 3.0 6.0
Microsoft Internet Explorer 6.0.3790.1830
Microsoft .NET Framework 2.0.50727.42
Operating System 5.2.3790
We were in the process of improving security on some of our new servers, in the windows password policies settings we enabled the following
minimum password length = 6 characters
Password must meet complexity requirments = enabled
sql 2005 authentification was set in mixed mode, but we have tried windows authentification only as well.
Now when you try and add a new user even if the password meets all requirments you get an error password is to short etc, we used sql managment studio both manually creating a user and scripting with sql, both with the same result.
In the shared hosting environment we need passwords to be secure, the only way we can get sql users to be created is to disable windows password policies which causes security problems.
We would prefer to use sql authentification not windows but even when we use sql authent it still seems to use the windows password policy and the same error occurs
has anyone else found this problem?
could do with a fix asap!
Hi!
I am installing SQL Server 2005 Express as part of my setup. On Windows 2003 Servers with password policy enabled, the SQL Server 2005 Express installation fails. Here is the error I am getting - "the sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.". If I disable the password policy, the SQL Server 2005 Express installation is OK.
Is there a parameter that I can pass to the command line to get around this?
Thanks!
I have a 3 node cluster running windows 2003 x64 sp1 and SQL Server 2005 version 9.00.2153. My problem is the following...
This Saturday I migrated a web application's database to this server. After restoring the database I created the sql login for the service account, set the password and disabled the password policy for this login. I then ran sp_change_users_login to attach the already existing db user with the same name to the login. I changed the connection string for the application, tested the application connectivity and functionality then detatched the old database on the old server. Everything went like clockwork, no problems at all.
Come Monday morning at 8:35 I started getting alerts that the web site was down. I tested the site and sure enough it was down. I then attempted to connect to the database server using the login that was created for the app and the connection failed. I logged in with my ID and got in fine. Nothing showing to be wrong with the DB, I checked the new login and somehow the "Enable Password Policy" had been set for the new login. I disabled it and still no connection. I went to the database and checked the DB user and somehow the link between it and the login no longer existed. I reran the sp_change_users_login and restested the web site and verified that that web site was back online.
My question is this, is there any stored proc that resets these values back to default for some reason, a series of events that might revert the "Enable Password Policiy" to the default for a login, or is there a particular domain level operation that might occur such as Security Polcies that would affect these settings in SQL?
No one else was on the machine when I went to check it out at 8:40 so it has left me puzzled.
Any help would be appreciated.
Thanks.
Zach
What are the exact requirements implied by the sql 2005 option:
"Password Must Meet Complexity Requirements "
TIA,
Barkingdog
P.S. I found this one:
-Cannot contain all or part of the username
-Must be at least 6 characters long
-Contain 3 of the 4 following character groups
- A to Z
- a to z
- 0 to 9
- Special Characters i.e. ! ^ $ *
and I have also found
"At least 7 characters in length"
Combines letters. numbners, and symbolds
Is not a dicitonary word, name of a command, person's name or user's account name
As the saying goes "close, but no cigar!"
I've legacy code that requires a blank password for a SQL Server login.
This works fine on 2000 or 7.
How can you allow blank passwords on SQL Server 2005 without changing the windows policy?
Is there a stored procedure to do this?
I know you can now use CREATE LOGIN and set CHECK_POLICY to no on SQL 2005 when creating logins, but this needs to run on SQL Server 7/2000 and so its using sp_addlogin.
(NB: I can't easily change the legacy code to work conditionally on SQL Server 2005)
I have modified the Security Settings>Account Policies>Password Policy on my PC as follows:
Minimum password length: 10 characters
Password must meet complexity requirements: Enabled
However, when creating a login within SQL Server 2005, which does not adhere to the amended policy, this does not seem to be taken into account:
CREATE LOGIN testlogin WITH PASSWORD='a',
DEFAULT_DATABASE=[master],
DEFAULT_LANGUAGE=[us_english],
CHECK_EXPIRATION=ON, CHECK_POLICY=ON
have tried restarting the SQL Server and rebooting the PC, but this does not solve the problem.
Hello,
I am building a winforms .net 3.5 application which connects to a SQL Server 2005 database with SQL server authentication. Is it possible to access the SQL Server password policy and expiration through the .NET 3.5 framework? I would like add the following functionality to my login form:
Ensure passwords meet policy standard.
Prompt a user to change their password when it is due to expire in 5 days or less.
Thanks in advance.
I am trying to create a login using my application.
The application creates the user and password itself .
when working with sql server 2000 it works fine.
when i try to install my application with sql server 2005 it is displaying the error .
'Password does not meet windows policy requirements
because it is not complex enough'
I want to keep the same password.
Is there any way to disable/uncheck this option by default?
Prashant
Is there a way to do this at the server level?
Thanks
I have a complicated question that involves the password policy defined within Windows Server 2003 and how it is used in Microsoft SQL Server 2005. I recently installed windows server 2003 on my development system. I am a person that prefers to develop in the same OS that our application runs in production. After installing 2003, then a Domain administrator added my machine to our corporate domain. Now, I cannot change the local password policy to allow a simple password. I believe this is due to policy inheriting from the domain that the machine belongs to.
This ties back into SQL Server 2005 because installing sql server on a Server 2003 causes SQL Server 2005 to follow the password policies defined at the OS level. This breaks our application in a subtle way in that we create login accounts for new client databases with random password. Because the password is random it sometimes conforms to the policy and sometimes not.
In production environments, the password policies are configured differently. So I need to one of the following options:
-change the group policy/inherited policy on my machine to not inherity from the domain I joined (prefered solution but don't know HOW)
-change SQL Server to not use OS password policy
-change code to use CREATE LOGIN statement with CHECK_POLICY=OFF or change password generation code to use a stronger password. (don't want to do this as the code change is only accomodating non-production environments)
If someone has a better place to post this question, I would sure appreciate it.
i just want the user have the ability to do sp_addlogin.
pls help me
i successfully ran this query
grant execute on sp_addlogin to userLogin
but when i login with userLogin. It wont work
hi,
I have an VB .NET 2005 application which should create a database and a user on an SQL server both for SQL 2000 and SQL 2005. The last not tested yet. I use SQLConnection to comunicate with the server. I can make the database no problem, but I can't add a new user.The user that runs this stored procedure has rights to execute this procedure. When I try to use the stored procedure: "sp_addlogin" I get the following error :
"-- 'sp_addlogin' was found in the text of this event.
-- The text has been replaced with this comment for security reasons."
Does anyone have any clue what's wrong?
Thanks.
Hi all,
I want to add a windows user login which looks like: MachineNameUserName, however back slash "" is not allowed in ap_addlogin. With UserName only, the privileges are not granted correctly as far as I tested. How can I walk around? Any ideas? I use SQL express.
Br,
XZ
Hello,
I am trying to script out a new login in SQL 2000. I can script the login, but I am trying to assign the correct permissions, (e.g. db_datawriter, db_owner) and I am have trouble scripting the permissions. Here is a snippet of what I am looking to accomplish in my script. Remeber, this is 2000 not 2005...
-- This works
exec sp_addlogin @loginame = 'LoginName'
,@passwd = 'Password'
,@defdb = 'Database'
go
-- This doesn't. I am not even sure if this is what I need...
exec sp_addrolemember @rolename = 'AdminCVB'
,@membername = 'db_owner'
go
Hi
We are using SQL Server-2005 as backend,
i had code like,
sp_addlogin 'a', 'a'
this give error as
"Password validation failed. The password does not meet Windows policy requirements because it is not complex enough"
as this is not full fill the Windows Password policy.
I too check the Local Security Settings is disable for the password settings.
I know i can use
CREATE USER <user> , CHECK_POLICY =OFF
but i want to set CHECK_POLICY =OFF, with the
sp_addlogin stored Procedure.
Any help,hint or code to solve this ???
Regards,
Thanks.
Gurpreet S. Gill
I am using sp_addlogin ...,@encryptopt = 'skip_encryption' to transfer logins from one machine to another. This works fine for most users but there is a problem with some. As far as I can tell the only pattern is that the ones that fail were originally upgraded from 6.5. They all have a xstatus of 2050 in the sysxlogins table.
View 1 Replies View RelatedHello Everyone,
We have a mixed environment consisting of some SS2005 with most servers still running on SS2000. Several operating systems are in use. We use mixed mode authentication. To date, all of our SS2005 servers have been installed on Windows Server 2003. In each of these environments we have the password policies disabled on the operating system side (Administration Tools | Local Security Policy). On these servers we have been able to successfully use SP_ADDLOGIN to add logins for SQL Server authentication.
Recently I installed SQL Server 2005 on Windows 2000 SP4 (old I know) as a test environment. Like the 2003 servers, password policies and complexity are shutoff. When I attempt to use SP_ADDLOGIN, however, here I receive:
Server: Msg 15118, Level 16, State 1, Line 1
Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.
Is this a know occurance on the older operating system?
I am trying to add a new user (SQL Server 6.5) from an application program (Delphi 4.0). I was hoping I could do this in a stored procedure that basically acts a a wrapper around the SQL Server stored procedures.
It partially works - here is my procedure:
create procedure AddUserToSQLServer(@loginame varchar(30),
@Password varchar(30) ) as
begin
-- Add User to SQL Server Database
exec mydb.dbo.sp_addlogin @loginame,@Password,'mydb'
exec mydb.dbo.sp_adduser @loginame
end
The sp_addlogin adds the login and sets the default database as mydb. This is OK, except the user still can not login to the application. So I added the sp_adduser. This gives the user access to the application, but I still have a problem. When I go into Executive Manager, and go to the Manage Logins screen by double-clicking on the newly added user, I get the message "Error 21770: The name 'loginame' was not found in the users collection" where loginame is the users login. I click OK to this message, and the user is displayed on the manage logins screen. Their default database is mydb, a check is in the Permit box and their username is in the User column. Alias and Group are blank. When I try to drop the user, I get the same error again (2 times), then error "Error 15175: [SQL Server] login 'loginame' is aliased or mapped to a user in one or more database(s), drop user or alias before dropping login".
The only thing I found that works is to go to SQL and issue sp_dropuser loginame, then I can drop the user.
Anybody see what's wrong? Or know of a FAQ that addresses this situation?
Thanks
Wayne
i have an asp.net web application that uses SQL2000 backend. any users login to the application using a proper SQL login. so each user has unique logins
One of the roles within the application is to allow the user to create new logins for the application which inturn creates a SQL login. for this i have been using the following special sp's within an application specific sp:-
EXEC sp_addlogin @strUsername, null, 'WEA_MIS', @loginlang
EXEC sp_grantdbaccess @strUsername, @strUsername
EXEC sp_addrolemember @strRole, @strUsername
EXEC sp_password NULL, @strPassword, @strUsername
the only way ican get this to run is if the user executing the sp is a member of sys admin, ideally i dont want to be giving anyone access to sys admin. i thought security admin would allow me to do the above but it doesnt. Is there any other ways or ideas to get around this problem
Cheers,
Craig
Hi Experts,
In our production system, there are high number activities involving very huge tables ( around 250 million records ).
For performance benefits , we are using dynamic queries in the stored procedures. We are also using WITH clause to FORCE appropriate indexes.
Will forcing the indexes have any negative effects ? or Forcing the index would REALLY improve the performance.
Any inputs would be highly appreciated.
Thanks in advance.
Hariarul
I have an Itanium 64bit server to run SSIS packages on. I have one package with three parralell streams. When I run the package in 64 bit mode using dtexec, it runs through validation and exits with no reported errors, when I run it from a job, the job fails and says to see job log, which has no errors.
When I run it in 32 bit mode using the GUI, it runs all the way through.
Does anyone know how to launch SSIS in 32 bit mode from a job on an Itanium?
Thanks
Larry C
This is a really wide spread - more than a time discussed - on SQL CE MSDN Forums - Issue !!!
Is there any way i can commit changes which happens during runtime (when i am developing the application) such as inserts/updates and deletes to the .sdf DB on the machine ?????
Can it possible of taking full dump db backup of Logshipping server [Secondary Server.]
Or any other way {DTS} on Secondary server, to update third server on daily basis.
please co-operate me on this issue
Thanx in advance
Regards
Dinesh
Dina Satam
Hi all,
As our DB has no primary keys or indexes ive taken a copy of all populated tables and tried to force primary keys within a new DB.
the problem is all off the tables have multiple datasets within them, a dataset for each year. This causes all instances of ID numbers to not be unique as they are replicated for every year they are active.
Its a school database so a student who has been here for 3 years will have 3 instances of his ID number, one for each years' data set.
So how do i force primary keys if there is no unique identifier? ive been highlighting both data set and ID columns and setting that combination as the primary key.
Essentially i need to analyse the relationships between the tabls in a diagram and also run some speed tests to see how fast the db works when it has indexes and primary keys.
the reason im writing is that ive done this on ten tables and with another 160 to do im just checking im doing the right thing?
greg
I have the following Case statement:
CASE
WHEN CAST(wo.start_date AS TIME) BETWEEN '00:00:00' AND '00:59:59' THEN 0
WHEN CAST(wo.start_date AS TIME) BETWEEN '01:00:00' AND '01:59:59' THEN 1
WHEN CAST(wo.start_date AS TIME) BETWEEN '02:00:00' AND '02:59:59' THEN 2
WHEN CAST(wo.start_date AS TIME) BETWEEN '03:00:00' AND '03:59:59' THEN 3
WHEN CAST(wo.start_date AS TIME) BETWEEN '04:00:00' AND '04:59:59' THEN 4
[code]....
The purpose is to take a row and set it to the hour of the day that it occurred in. This works fine, however I would like to force it to display every hour 0-23 regardless of whether or not it has a corresponding row.
So, if no row exists for 0, display 0 with null values for the rest of the columns.
In the following procedure i write the results to a temp table called #temp1I now want to count the results of #temp1, if the count of #temp1 = 0
I want to insert 'No Records Found' into #temp.ERRORMSG else return what is in the table
any idea on how to do this?
ALTER PROC [dbo].[SPU_RPT_Savings_AnomalyDispatches] 40,'04/01/07|06/30/07'
@PropertyID varchar(4000),
@DropDown varchar(50)
AS
SELECT Client.CLIENT, Client.CLIENTID, ErrorEmailLog.ID, ErrorEmailLog.SITEID, ErrorEmailLog.PROPID, ErrorEmailLog.DISTINCTERRORS,
ErrorEmailLog.ERRORMSG, ErrorEmailLog.ERRORDATETIME, ErrorEmailLog.EMAILRECIPIENTS, Property.PROPERTY, Property.STREET,
Property.CITY, Property.STATE, Property.ZIP, Property.PHONE
INTO #TEMP1
FROM ErrorEmailLog INNER JOIN
Property ON ErrorEmailLog.PROPID = Property.PROPID INNER JOIN
Client ON Property.CLIENTID = Client.CLIENTID
WHERE (ErrorEmailLog.ERRORDATETIME BETWEEN SUBSTRING(CONVERT(VARCHAR(12), @DropDown), 0, 9)
What is the best way to disable using the Windows policy requirements when creating a new login?
example: I'm trying to create a login and the password doesn't meet the windows policy requirements. The easy thing to do would be to create a strong password. This isn't an option at the moment. I need to disable this so I can create new users that dont have strong passwords.
Thanks!
hi,
Please help me in designing one of our payroll policies. i have been trying but unable to find any solution.
i have data in 2 tables :
1. attendance (empid, date, hours, leaveallowed)
2. holidays (date,type) (4 types of holidays like national, weekly offs etc)
Policy: if any employee is not present on both days - the day before and after the holiday then leave allowed is false
attendace table contains the records for all employees who are present and i have to add rows for missing dates where leaveallowed will be false (hours will be zero).
eg. if any employee is absent on friday and monday then leaveallowed for saturday and sunday will be false.
i have tried many things but the best i have is following query that uses cross join with holidays table after adding rows for all dates in holidays (holidays table now looks as calendar)
Code:
SELECT DRVD.empid,DRVD.calendardate,DRVD.holidaytype,
attendance.workhours
FROM attendance RIGHT OUTER JOIN
(SELECT * FROM employees CROSS JOIN calendar
WHERE calendardate < getdate()) DRVD
ON attendance.empid=DRVD.empid
AND attendance.workdate=DRVD.calendardate
thanks