Identify SQL Server 2005 Standard Login Settings

By: Jeremy Kadlec | Read Comments (2) | Print Jeremy is the CTO @ Edgewood Solutions, co-founder of MSSQLTips.com and SQL Server MVP since 2009. Related Tips: More

Problem
Gaining insight into my SQL Server standard and Windows logins has historically been a challenge in terms of determining password changes, failed login attempts, etc.  I have noticed that you have experienced the same issue with your tip entitled 'When was the last time the SQL Server sa password changed' and I have noticed some information in the forums on the topic as well.  With SQL Server 2005 can I gain any more insight into the SQL Server standard logins part of the equation?  I know I can talk to my Network Admin counter parts for some of the Windows related login information.  Any and all recommendations would be appreciated.

Solution
As a matter of fact with the SQL Server 2005 built-in function LOGINPROPERTY, this command can help to address these issues and a few more when SQL Server is installed on a Windows 2003 server.  The best way to show the value in this SQL Server function is by outlining the problems it addresses then provide code snippets to take advantage of these features. Here are the problems that the SQL Server 2005 LOGINPROPERTY function addresses for standard logins:

• Date when the password was set
• Locked out standard login
• Expired password
• Must change password at next login
• Count of consecutive failed login attempts
• Time of the last failed login attempt
• Amount of time since the password policy has been applied to the login
• Date when the login was locked out
• Password hash

LOGINPROPERTY Code Snippets

In the code snippets below we are going to use the sa login as an example since it is created when SQL Server 2005 is installed with Windows and SQL Server authentication:

LOGINPROPERTY Special Notes

According to SQL Server 2005 Books Online "The values of the PasswordHash and PasswordLastSetTime properties are available on all supported configurations of SQL Server 2005, but the other properties are only available when SQL Server 2005 is running on Windows Server 2003 and both CHECK_POLICY and CHECK_EXPIRATION are enabled."  So if you run into an issue i.e. NULL result set validate the Windows operating system and the settings for the specific login before digging too far into the issue.

Next Steps

• With the new SQL Server 2005 standard login functionality available be sure to take advantage of it when the needs arise.  I can distinctly remember many customers being frustrated with the standard SQL Server login features as compared to password policies for Windows logins.  Microsoft listened and delivered a number of new features to help manage standard SQL Server logins.
• In terms of password changes, using the LOGINPROPERTY function is now a much easier means to determine if passwords have not changed recently.  If you have a policy related to changing passwords, be sure to run the appropriate scripts from this tip to validate the policy is being met with your standard logins.
• Check out the related security and compliance tips on MSSQLTips.com.

Related Tips: More | Become a paid author

Last Update: 4/16/2008

Share:

Share

Tweet

Connect with MSSQLTips.com Follow us on twitter... Let's connect on facebook! Join us on Google+

Comments and Feedback:

Friday, February 13, 2009 - 11:55:57 AM - JLCantara	Read The Tip
Excellent note. One question: how can I find documentation on the function LOGINPROPERTY in the Server Management Studio (SQL 2005)? LOGINPROPERTY doesn't exist in the help index. Have a good day.

Friday, February 13, 2009 - 12:26:50 PM - aprato	Read The Tip
You might have an out of date copy of the books online?  http://msdn.microsoft.com/en-us/library/ms345412(SQL.90).aspx

Post a Comment or Question

Keep it clean and stay on the subject or we may delete your comment.
Your email address is not published. Required fields are marked with an asterisk (*)

*Name

*Email

Notify for updates

Comments *** NOTE *** - If you want to include code from SQL Server Management Studio (SSMS) in your post, please copy the code from SSMS and paste the code into a text editor like NotePad before copying the code below to remove the SSMS formatting.
*Enter Code

 

Sponsor Information

"SQL doctor ROCKS! As soon as I ran it, problems that have been giving me headaches were identified and cured." Write, edit, and explore SQL effortlessly with SQL Prompt. What grade do you think your SQL Servers get? Find out with a SQL Server Health Check consultant. Free Trial: Get Proactive Insight with Spotlight® for SQL Server Enterprise. Solving SQL Server problems for millions of DBAs and Devs since 2006. Join now. Learn SQL Server 2012, Performance Tuning, Development, Administration, Replication and more - free webcasts