restricting user's password change ability.

#1

I have a question about disabling the ability for a user to change
their password by using alter login <login name> with password = <new
password>. We have a different process in place, with audit trails,
that a SQL authenticated user can change their password. So how can
we prevent a user from being able to use the Alter Login option to
change their password?

Thanks much,
Joe

#2

JoeyD (joeydba (AT) gmail (DOT) com) writes:

Quote:

I have a question about disabling the ability for a user to change
their password by using alter login <login name> with password = <new
password>. We have a different process in place, with audit trails,
that a SQL authenticated user can change their password. So how can
we prevent a user from being able to use the Alter Login option to
change their password?

I can see two possibilities. One is to set up a DDL trigger for ALTER_LOGIN
and then checks if the WITH PASSWORD clause is present.

The other is to set the password policy in Windows on the SQL Server machine
to not permit users to change their passwords.

--
Erland Sommarskog, SQL Server MVP, esquel (AT) sommarskog (DOT) se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx

#3

Thank you for the suggestions. I had given some thought to the DDL Trigger but wasn't sure I wanted to go down that road.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

restricting user's password change ability.

comp.databases.ms-sqlserver comp.databases.ms-sqlserver

restricting user's password change ability. - 03-28-2011 , 04:19 PM

Re: restricting user's password change ability. - 03-28-2011 , 04:45 PM

Re: restricting user's password change ability. - 03-29-2011 , 10:35 AM