Hi, I have a project that will ask the user to provide a ‘sa’ account
password, and then install the SQL Express in command line quietly by the
SAPWD option. My question is, what is the logic to validate the ‘strong
password’ for SQL Express in my program (C#) before SQL Express installation
start? Thanks a lot!

From BOL:

Password complexity policies are designed to deter brute force attacks by
increasing the number of possible passwords. When password complexity policy
is enforced, new passwords must meet the following guidelines.

a.. The password does not contain all or "part" of the user's account
name. Part of an account name is defined as three or more consecutive
alpha-numeric characters delimited on both ends by "white space" (space,
tab, return, etc.) or any of the following characters: , . - _ #


b.. The password is at least six characters long.

c.. The password contains characters from three of the following four
categories:

a.. English uppercase letters (A - Z)

b.. English lowercase letters (a - z)

c.. Base 10 digits (0 - 9)

d.. Non-alphanumeric (For example: !, $, #, or %)



--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"NotCpiP" <NotCpiP (AT) discussions (DOT) microsoft.com> wrote

Thanks for your reply.
Yes, SQL Express installation document mentioned 'strong password', but in
practice, looks we do not need to follow the rules strictly. E.g., password
'sa.' will be accepted by the command line, but obviously it does not obey
the rule. I just want to make the password validation logic in my C# program
follow the real rule of SQL express installation requirement. Any ideas?
Thanks in advance.



"Roger Wolter[MSFT]" wrote: