Enforcing password policy for all SQL Authentication Logins

One of my customers recently asked me how we can enforce the CHECK_POLICY option for all logins created on the SQL 2005 instance. Since by default this is enforced on a per-login basis, we cannot by default have it at a server level. But by using DDL triggers in SQL Server 2005, here is one way of achieving it:


—- BEGIN DDL Trigger Code —  


CREATE TRIGGER trgNewLogin on all server
for create_login
as
 declare @loginbeingcreated sysname
 select @loginbeingcreated = eventdata().value(‘(/EVENT_INSTANCE/ObjectName)[1]’, ‘sysname’)


 If EXISTS
 (
  select 1 from sys.sql_logins
  where name = @loginbeingcreated
  and is_policy_checked = 0
 )
 BEGIN
  Print ‘Please ensure password policy is being checked by using CHECK_POLICY’
  ROLLBACK
 END


— END Trigger Code —


 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.