Solved

sql queries for logins and password policy

Posted on 2014-09-22
2
687 Views
Last Modified: 2014-10-07
We need to audit a number of sql server installations, ranging from 2000 - 2008.

I need a query (if different for each release of SQL one per release) to list:

1) details of the password policy per sql login (i.e.password expirty, complexity, lockout values etc)

2) details of all sql server authentication logins and their server level permissions (i.e. sysadmin, securityadmin)

3) guest account status per database (i.e. enabled, not enabled).
0
Comment
Question by:pma111
  • 2
2 Comments
 
LVL 22

Accepted Solution

by:
Steve Wales earned 500 total points
ID: 40338051
The below applies for 2005+

Password Policy per SQL Login is only a flag for on or off.  If the Password Policy flag is checked, then the Windows Password Policy from the operating system are enforced.

Check the CREATE LOGIN documentation for the details on what happens when CHECK_POLICY and CHECK_EXPIRATION are set.

You can see the settings per SQL user by checking columns is_policy_checked and is_expiration_checked in sys.sql_logins

Doco for sys.sql_logins from Books Online: http://msdn.microsoft.com/en-us/library/ms174355.aspx

For complexity, lockout values etc, I believe you need to go to the OS for that (and I'm not even 100% certain it will lock out the account in SQL Server

For SQL Server Authentication Logins:

select * from sys.server_principals where type in ('U','G') - will show you the logins and groups that can access a SQL Server via Windows Authentication.

Books Online for server_principals: http://msdn.microsoft.com/en-us/library/ms188786.aspx

If you want to see which login has access to which server roles, use sys.server_role_members - something like this:

select b.name + ' has ' + c.name
from sys.server_role_members a
join sys.server_principals b on a.member_principal_id = b.principal_id
join sys.server_principals c on a.role_principal_id = c.principal_id

Open in new window


Books Online for Server_role_members: http://msdn.microsoft.com/en-us/library/ms190331.aspx

For guest you could query the is_disabled column of sys.server_principals where name = 'guest'.


I don't have a SQL Server 2000 system readily available to me to test on, but I'll see what I can did up.
0
 
LVL 22

Expert Comment

by:Steve Wales
ID: 40338053
For SQL Server 2000, this document looks highly relevant:

http://msdn.microsoft.com/en-us/library/fooa616fce9-b4c1-49da-87a7-9d6f74911d8f.aspx

Try syslogins for information on your logins - here's the BOL page for that: http://msdn.microsoft.com/en-us/library/ms178593.aspx

It has columns indicating if each user is a member of one of the fixed server roles and the column hasaccess should be enough to tell disabled / enabled.

The other columns isntname, isntgroup and isntuser should be able to separate SQL Server user, Windows User and Windows Group apart from each other.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This article shows gives you an overview on SQL Server 2016 row level security. You will also get to know the usages of row-level-security and how it works
Viewers will learn how the fundamental information of how to create a table.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now