SQL 2005 & Windows Password Policy

We run a few shared hosting servers in the UK, now we used to run mssql 2000 and moved to 2005 in December 2005.

Microsoft SQL 2005                              9.00.1399.06
Microsoft SQL Server Management Studio          9.00.1399.00
Microsoft Analysis Services Client Tools        2005.090.1399.00
Microsoft Data Access Components (MDAC)         2000.086.1830.00 (srv03_sp1_rtm.050324-1447)
Microsoft MSXML                                 2.6 3.0 6.0
Microsoft Internet Explorer                     6.0.3790.1830
Microsoft .NET Framework                        2.0.50727.42
Operating System                                5.2.3790

We were in the process of improving security on some of our new servers, in the windows password policies settings we enabled the following
minimum password length = 6 characters
Password must meet complexity requirements = enabled

sql 2005 authentication was set in mixed mode, but we have tried windows authentication only as well.

Now when you try and add a new user even if the password meets all requirements you get an error password is too short etc, we used sql management studio both manually creating a user and scripting with sql, both with the same result.

In the shared hosting environment we need passwords to be secure, the only way we can get sql users to be created is to disable windows password policies which causes security problems.

We would prefer to use sql authentication not windows but even when we use sql authentication it still seems to use the windows password policy and the same error occurs

has anyone else found this problem?

could do with a fix asap!




  • zinc

    This is very strange. So you are getting the "password is too short" message even though the password is longer than 6 characters? Have you double-checked the policy settings - is the minimum length really set to 6?

    Can you execute the following statement and let me know the result:

    create login bob with password = 'Bob425'

    I suggest that you also try a longer password. If the minimum is set to 6, try a 20 character password. Make sure that it contains a mix of lowercase, uppercase, and numbers or special characters.

    You can bypass password complexity checking by turning on these checks for the login:

    create login bob with password = 'Bob425', check_policy = off

    See http://msdn2.microsoft.com/en-us/library/ms189751(SQL.90).aspx, for syntax.

    I only recommend doing this if you have tried everything else and it didn't work. You can later turn back on these checks with a statement like:

    alter login bob with check_policy = on

    Note that this will not check the current password, it will only check future passwords set for this login.

    Thanks
    Laurentiu



  • element__

    Raul -

    Is there a way to do this in SQL 2000 that will also work in SQL 2005? We are trying to make a code change that will support both SQL 2005 and SQL 2000, as we have had a couple of sites where our software is installed generate the password complexity failures, even when trying passwords that match the criteria previously mentioned.


  • McGanahan Skejellyfetti

    You can use the CHECK_POLICY & CHECK_EXPIRATION optional clauses when creating or altering a login. For example:

    -- Will fail

    CREATE LOGIN [noPwdPolicy] WITH PASSWORD = 'weak'

    go

    -- Will succeed

    CREATE LOGIN [noPwdPolicy] WITH PASSWORD = 'weak', CHECK_POLICY = OFF

    go

    You can find detailed information in BOL (CREATE LOGIN http://msdn2.microsoft.com/en-us/library/ms189751.aspx, ALTER LOGIN http://msdn2.microsoft.com/en-us/library/ms189828.aspx). Personally I recommend using the password policy to help you prevent weak/easy to guess passwords.

    -Raul Garcia

    SDE/T

    SQL Server Engine



  • Jaime Atiles

    "If this policy is enabled, passwords must meet the following minimum requirements:"

    How do you disable the policy?



  • bmcilvaine

    Result of your create user query

    Msg 15118, Level 16, State 1, Line 1

    Password validation failed. The password does not meet Windows policy requirements because it is not complex enough.

    I then tried

    create login bob with password = 'Bob425ffeF3ve'

    still the same message

    Ah, think I've found the problem, error only occurs when complex passwords are required, and the solution, don't include the username within the password, then complex password enabled works fine!

    Weird that never worked before strange, anyhow any ideas what the below error means?

    Unable to perform action. Error: Microsoft SQL-DMO (ODBC SQLState: 42000) Error -2147206388[Microsoft][ODBC SQL Server Driver][SQL Server]Password validation failed. The password does not meet Windows policy requirements because it is too short.IDispatch error #14604

    (note. this is from our control panel software which the company who makes it refuses to believe it's their software at fault, they said it was mssql but it appears not!)


  • micca46899

    Appears this is just a control panel bug they are looking into it!

    Thanks for your help on this much appreciated!

    Chris
    Dwebs Ltd


  • net2020

    My apologies, I should have tested that password to see it doesn't work because it has the user name embedded.

    The default password complexity requirements are:

    If this policy is enabled, passwords must meet the following minimum requirements:

    • Not contain all or part of the user's account name
    • Be at least six characters in length
    • Contain characters from three of the following four categories:
      • English uppercase characters (A through Z)
      • English lowercase characters (a through z)
      • Base 10 digits (0 through 9)
      • Nonalphanumeric characters (e.g., !, $, #, %)

    Complexity requirements are enforced when passwords are changed or created.

    To create custom password filters, see the Microsoft Platform Software Development Kit and the Microsoft Technet.

    So, yes, the password must not contain the account name. 'XyZ425' should work instead of 'Bob425'.

    The "too short" error indicates that the password is too short. The password should be at least 6 characters in length. If your password works with the CREATE LOGIN statement but not with the control panel software, this may happen because the panel software truncates the password that you pass to it. Maybe you have set some characters in the password that are filtered out by that application. Does your password include the ' character, by any chance? Try using digits instead of nonalphanumeric characters.

    Thanks
    Laurentiu
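
The complexity rules listed in the reply above, written out as a pre-check that a provisioning tool could run before issuing CREATE LOGIN. This is an added example, not code from the thread or from Microsoft: `policy_failures` and its reason strings are hypothetical, and the account-name rule is approximated as a case-insensitive match on the whole login name.

```python
import string


def policy_failures(login, password, min_length=6):
    """Return the reasons a password would be rejected (empty list = passes)."""
    failures = []

    if len(password) < min_length:
        failures.append("too short")

    # Assumption: "all or part of the account name" is approximated as a
    # case-insensitive substring match on the whole login name; names shorter
    # than 3 characters are skipped. In the thread the server reported this
    # case with the generic "not complex enough" message (Msg 15118).
    if len(login) >= 3 and login.lower() in password.lower():
        failures.append("contains login name")

    # Three of the four character categories from the list above.
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(categories) < 3:
        failures.append("not complex enough")

    return failures


# Passwords quoted in the thread, checked against the login name "bob".
THREAD_CASES = ["Bob425", "Bob425ffeF3ve", "XyZ425", "weak"]


def check_thread_cases(login="bob"):
    return {pw: policy_failures(login, pw) for pw in THREAD_CASES}


if __name__ == "__main__":
    for pw, reasons in check_thread_cases().items():
        print(f"{pw!r:18} {'OK' if not reasons else ', '.join(reasons)}")
```

Running the same check on the string a front end actually sends to the server, rather than on what the user typed, shows whether truncation or character filtering is what turns a valid password into a "too short" one.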


