Link to home
Start Free TrialLog in
Avatar of joshsfinn
joshsfinn

asked on

Enforcing Windows password policy on SQL accounts

I have created several SQL accounts on a SQL 2005 server, enforcing password policy, but not enforcing password expiration or "user must change password at next login."
I did not encounter any errors when setting up these accounts.  However, the accounts lock when trying to use these accounts to make connections against the databases.
When I unlock the SQL account and hit ok, I get the following error:
Password validation failed.  The password does not meet Windows policy requirements because it is not complex enough.  (Microsoft SQL Server, Error: 15118)

In Active Directory Group Policy our password policy is set as follows:
Enforce password history:  10 passwords remembered
Maximum password age:  90 days
Minimum password age:  7 days
Minimum password length:  8 characters
Password must meet complexity requirements:  Enabled
Store password using reversible encrption for all users on the domain:  Disabled

The same settings are in place on the SQL server's local security settings.

For one SQL account I created, the password was 9 characters long, and contained symbols, numbers, and lower-case letters.  The other account was 10 characters long, and contained upper-case letters, lower-case letters, and numbers.
Both passwords meet the password policy defined, and meet Microsoft's password complexity rules.

Can someone explain what I might be doing wrong, or what I'm missing?
Thanks
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Try creating a password that is
8 or more characters long
Contains an UPPER CASE letter
Contains a LOWER case letter
Comtains a NUMBER 0-9
Contains a symbol eg @, #, % or !

Avatar of joshsfinn
joshsfinn

ASKER

Microsoft's password complexity requires only 3 of the 4 conditions be met. (http://support.microsoft.com/kb/821425) My own AD account, which is subject to the same password policy, has never contained a symbol, and has never had an issue.
This makes me think the issue is with the SQL applicaiton, not the password.
Humour me - try it.
Same error.  I set the password of one of the accounts, meeting all 4 requirements , but when I went back in to check, the account it was locked.  
The password is 10 characters, includes a symbol, 6 lower-case letters, 2 numbers, and one upper-case letter.
ASKER CERTIFIED SOLUTION
Avatar of joshsfinn
joshsfinn

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Yes, I too was trying to create a SQL account (SQL Server 2012) and got this error, and did the complex password thing, but still got the error. I unchecked enforce password policy and I was able to create the user.