Custom Search
body { background:#fff url("http://www.blogblog.com/harbor/rocks_left.jpg") no-repeat right bottom; background-attachment:fixed; margin:0; padding:0; font:x-small Georgia, Serif; color:#333333; font-size/* */:/**/small; font-size: /**/small; } /* Commented Backslash Hack hides rule from IE5-Mac \*/ body {background-attachment:scroll;} /* End IE5-Mac hack */ a:link { color:#336688; text-decoration:none; } a:visited { color:#764; text-decoration:none; } a:hover { color:#993333; text-decoration:underline; } a img { border-width:0; } /* Page Structure ----------------------------------------------- */ #wrap { background:url("http://www.blogblog.com/harbor/sky_left.jpg") repeat-x; min-width:740px; margin:0; padding:0; text-align:left; font: normal normal 100% Georgia,Serif; } #wrap2 { background:url("http://www.blogblog.com/harbor/lighthouse_left.jpg") no-repeat left 0px; } #wrap3 { background:url("http://www.blogblog.com/harbor/cloud_left.jpg") no-repeat right 75px; } #wrap4 { background:url("http://www.blogblog.com/harbor/center_cloud_left.jpg") no-repeat 50% 0px; padding:15px; width:100%; width/* */:/**/auto; width: /**/auto; } #outer-wrapper { max-width:890px; padding: 0 30px 50px; width:100%; width/* */:/**/auto; width: /**/auto; } html>body #outer-wrapper { border:3px double #fff; } #main-wrapper { width:64%; float:right; word-wrap: break-word; /* fix for long text breaking sidebar float in IE */ overflow: hidden; /* fix for long non-text content breaking IE sidebar float */ } #main { margin:0; padding:0; } #sidebar-wrapper { width:32%; float:left; word-wrap: break-word; /* fix for long text breaking sidebar float in IE */ overflow: hidden; /* fix for long non-text content breaking IE sidebar float */ } #sidebar { margin:0; padding-top: 170px; } /** Page structure tweaks for layout editor wireframe */ body#layout #outer-wrapper, body#layout #sidebar, body#layout #wrap4, body#layout #header { margin-top: 0; margin-bottom: 0; padding: 0; } body#layout #sidebar-wrapper { width: 180px; margin-left: 0; } body#layout #wrap4, body#layout #outer-wrapper { width: 650px; } /* Header ----------------------------------------------- */ #header { padding-top:15px; padding-right:0; padding-bottom:10px; padding-left:110px; position: relative; } .Header h1 { margin:0 0 .25em; color:#667788; font: normal normal 270% Georgia, Serif; } .Header h1 a { color:#667788; text-decoration:none; } .Header .description { margin:0; max-width:700px; line-height:1.8em; text-transform:uppercase; letter-spacing:.2em; color:#667788; font: normal normal 75% Georgia, Serif; } /* Headings ----------------------------------------------- */ h2 { margin:1.5em 0 .75em; line-height: 1.4em; font: normal normal 78% Georgia, Serif; text-transform:uppercase; letter-spacing:.2em; color:#993333; } /* Posts ----------------------------------------------- */ h2.date-header { margin:2em 0 .5em; color: #993333; font: normal normal 78% Georgia, Serif; } .post { margin:.5em 0 1.5em; } .post h3 { margin:.25em 0 0; padding:0 0 4px; font-size:140%; font-weight:normal; line-height:1.4em; } .post h3 a, .post h3 strong { background:url("http://www.blogblog.com/harbor/icon_lighthouse.gif") no-repeat left .15em; display:block; padding-left:20px; text-decoration:none; color:#336688; font-weight:normal; } .post h3 strong { background-image:url("http://www.blogblog.com/harbor/icon_lighthouse2.gif"); color:#000; } .post h3 a:hover { color:#993333; } .post-body { background:url("http://www.blogblog.com/harbor/divider.gif") no-repeat center top; padding-top:12px; margin:0 0 .75em; line-height:1.6em; } .post-body blockquote { line-height:1.3em; } .post-footer { color:#999; text-transform:uppercase; letter-spacing:.1em; font-size: 78%; line-height: 1.4em; } .comment-link { margin-left:.4em; } .post-footer .post-timestamp, .post-footer .post-author { color:#666; } .comment-link strong { font-size:130%; } .comment-link { margin-left:.4em; } .post img { padding:4px; border:1px solid #cde; } /* Comments ----------------------------------------------- */ #comments { background:url("http://www.blogblog.com/harbor/divider.gif") no-repeat center top; padding:15px 0 0; } #comments h4 { margin:1em 0; font-weight: bold; line-height: 1.6em; text-transform:uppercase; letter-spacing:.2em; color: #993333; font: bold 78% Georgia Serif; } #comments h4 strong { font-size:130%; } #comments-block { margin:1em 0 1.5em; line-height:1.4em; } #comments-block dt { margin:.5em 0; } #comments-block dd { margin:.25em 20px 0; } #comments-block dd.comment-timestamp { margin:-.25em 20px 1.5em; line-height: 1.4em; text-transform:uppercase; letter-spacing:.1em; } #comments-block dd p { margin:0 0 .75em; } .deleted-comment { font-style:italic; color:gray; } .feed-links { clear: both; line-height: 2.5em; } #blog-pager-newer-link { float: left; } #blog-pager-older-link { float: right; } #blog-pager { text-align: center; } .comment-footer { font: 78%/1.4em Georgia , Serif; } /* Sidebar Content ----------------------------------------------- */ .sidebar .widget, .main .widget { background:url("http://www.blogblog.com/harbor/divider.gif") no-repeat center bottom; margin:0 0 15px; padding:0 0 15px; } .main .Blog { background-image: none; } .sidebar ul { list-style:none; margin-left: 0; } .sidebar li { margin:0; padding-top:0; padding-right:0; padding-bottom:.25em; padding-left:15px; text-indent:-15px; line-height:1.5em; } .sidebar p { color:#666; line-height:1.5em; } /* Profile ----------------------------------------------- */ .profile-datablock { margin:.5em 0 .5em; } .profile-data { margin:0; font: normal normal 78% Georgia, Serif; font-weight: bold; line-height: 1.6em; text-transform:uppercase; letter-spacing:.1em; } .profile-img { float: left; margin-top: 0; margin-right: 5px; margin-bottom: 5px; margin-left: 0; padding: 4px; border: 1px solid #cde; } .profile-textblock { margin:.5em 0 .5em; } .profile-link { font:78%/1.4em Georgia,Serif; text-transform:uppercase; letter-spacing:.1em; } /* Footer ----------------------------------------------- */ #footer-wrapper { clear:both; padding-top:15px; padding-right:30px; padding-bottom:0; padding-left:50px; text-align: center; } #footer .widget { background:url("http://www.blogblog.com/harbor/divider.gif") no-repeat center top; margin:0; padding-top:15px; line-height: 1.6em; text-transform:uppercase; letter-spacing:.1em; } -->

Sunday, May 11, 2008

Implement password expiration dates for SQL Server 2000

Introduction

This article discusses a method that you can use to implement password expiration dates for Microsoft SQL Server logins. The method uses one user-created table, and three stored procedures. This method is just one variation that you can use, and you can modify the method to fit your own needs.If you have Microsoft SQL Server running in Integrated Security mode under Microsoft Windows 2000 or a later version, you can rely on Windows for the expiration of the password. Whenever possible, we recommend that you use the Integrated Security mode for connections to SQL Server. Windows authentication helps provide security enforcement mechanisms such as stronger authentication protocols, and mandatory password complexity and expiration.The method discussed in this article applies to an instance of SQL Server that is running in mixed security mode.
1.Create a table in the master database that will hold the following:
•The user login ID.
•The date the password was last changed.
•The last password that was used

Note Only the system administrator (sa) should have access to this table

CREATE TABLE PW_DATE

(

SID VARBINARY(85),

DATE DATETIME,

OLD_PW SYSNAME NULL

)

2. Create a stored procedure that will determine whether the password has expired. If the password has expired, the procedure will then assign the login ID a new password, and the user must have the sa change it back. Additionally, you may also want to include other checks that you consider appropriate for your environment. The only two logins the procedure will not change the password for are the sa or the PROBE logins. The following example sets the password to expire after 30 days, and it lists all the users whose passwords have expired.

Note Only the sa should have EXECUTE permission.

CREATE PROCEDURE SP_PASSWORD_CHECK

(@secret nvarchar(128))

AS

DECLARE @sid varbinary(85)

DECLARE @date datetime

DECLARE @name nvarchar(128)

DECLARE crsPW

CURSOR FOR SELECT SID,[DATE] FROM PW_DATE WHERE DATEADD(DAY, 30, PW_DATE.DATE) <= GETDATE()

OPEN crsPW

FETCH NEXT FROM crsPW INTO @sid, @date WHILE (@@FETCH_STATUS=0)

BEGIN SELECT @name = [NAME] FROM syslogins WHERE sid = @sid AND syslogins.[name] NOT IN ('sa', 'probe') IF @@ROWCOUNT = 1 EXEC sp_password NULL, @secret, @name

FETCH NEXT FROM crsPW INTO @sid, @date

END

CLOSE crsPW

DEALLOCATE crsPW

3. Run the SP_PASSWORD_CHECK procedure nightly by using a Transact-SQL script that is similar to the following: USE MASTERGOEXEC SP_PASSWORD_CHECK 'gulliver'GO
To run the Transact-SQL script run nightly, add a Transact-SQL Script step to a New Job in SQL Server Agent, and then schedule the job to run nightly.

4. Instead of using the SP_ADDLOGIN and the SP_PASSWORD stored procedures, you will use two new stored procedures. The SP_CORP_ADDLOGIN stored procedure replaces the SP_ADDLOGIN stored procedure, and the SP_CORP_PASSWORD stored procedure replaces the SP_PASSWORD stored procedure.

To make sure that the old procedures are not used, revoke execute permissions for both the SP_ADDLOGIN stored procedure and for the SP_PASSWORD stored procedure.
Note You can modify the SP_ADDLOGIN and the SP_PASSWORD stored procedures. However, if you install an upgrade, make sure that you do not remove the SP_ADDLOGIN or the SP_PASSWORD stored procedures.
CREATE PROCEDURE SP_CORP_ADDLOGIN

@LOGIN_ID VARCHAR(30),

@PASSWD VARCHAR(30) = NULL,

@DEFDB VARCHAR(30) = NULL AS

EXEC SP_ADDLOGIN @LOGIN_ID, @PASSWD, @DEFDB

INSERT INTO PW_DATE (SID, DATE, OLD_PW)

VALUES

(SUSER_SID(@LOGIN_ID), GETDATE(), NULL)
GO


CREATE PROCEDURE SP_CORP_PASSWORD

@OLD VARCHAR(30) = NULL,

@NEW VARCHAR(30),

@LOGIN_ID VARCHAR(30) = NULL AS

EXEC SP_PASSWORD @OLD, @NEW, @LOGIN_ID IF (@LOGIN_ID = NULL) BEGIN

UPDATE PW_DATE SET DATE = GETDATE(), OLD_PW = @OLD WHERE SID = SUSER_SID ()

END

ELSE

BEGIN

UPDATE PW_DATE SET DATE = GETDATE(), OLD_PW = @OLD WHERE SID = SUSER_SID(@LOGIN_ID)

END
5. The final step is to initialize the system. If you have an active system with user login IDs, the sa should run the following query to load the PW_DATE table with the starting values:
INSERT INTO PW_DATE (SID, DATE, OLD_PW) SELECT SYSLOGINS.SID, GETDATE(), SYSLOGINS.PASSWORD FROM SYSLOGINS
Now, the system should be ready. You can vary this method to meet your own needs
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)