user must change password at next login is greyed out

I'm trying to implement a password expiration policy with SQL 2005, however the checkbox on user security "User must change password at next login" is greyed out.

How  do I correct this?

Thanks
jdr0606Asked:
Who is Participating?
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
Ok... Let me try to represent it in other words..

Windows Group Policies controls that option and hence it is greyed out..
But we can Control it using MUST_CHANGE option either in CREATE LOGIN or ALTER LOGIN statements..

Hope this clarifies.
0
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
It would by default be greyed out..
And would work when you check Enforce Password Policy..
User must Change Password at next login is a policy inherited from Windows Group policies and hence this way..

Workaround:

You can use it out from TSQL Statements like:

CREATE LOGIN test_login WITH PASSWORD = 'ur_password' MUST_CHANGE;
GO

Note: MUST_CHANGE is applicable to SQL Server logins and for Windows Logins it needs to be set in Group Policies as mentioned earlier..
0
 
jdr0606Author Commented:
I have 200+ user logins that even if I check enforce password policy, enforce expiration is selectable but user must change password stays greyed out on any user.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
Raja Jegan RSQL Server DBA & ArchitectCommented:
Yes.. That is what I meant and "User must Change Password at next login" would be greyed by default.
And it would work only based on your Windows Group Policy settings..
0
 
jdr0606Author Commented:
Call me stupid, but I assume you are telling me that Windows Group Policy is set to not allow "User change password at next login"?
0
 
jdr0606Author Commented:
Thanks!
0
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
Welcome..
0
 
jdr0606Author Commented:
BTW do you know specifically which Windows Group Policy controls this?
0
 
Raja Jegan RSQL Server DBA & ArchitectCommented:
This policy would be set by Windows Domain Controller ( your Domain server) and published / enforced in all your local servers/ clients using Group policy updates..

Script to do that option is given below and this does the request in your LDAP server..

http://gallery.technet.microsoft.com/ScriptCenter/en-us/7e44bd45-f49f-4e47-ae00-b18f544e478f
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.