Expire passwords in syslogins at the end of the password downgrade period.
To configure login passwords to expire, use:
sp_passwordpolicy "expire login passwords"[, "[loginame | wildcard]"
To configure role passwords to expire, use:
sp_passwordpolicy "expire role passwords"[, "[rolename | wildcard]"
To configure stale login passwords to expire, use:
sp_passwordpolicy "expire stale login passwords", "datetime"
To configure stale role passwords to expire, use:
sp_passwordpolicy "expire stale role passwords", "datetime"
Passwords that are not changed since the date you set in the datetime parameter of the sp_passwordpolicy "expire stale login passwords," expire when you execute the command. Users are automatically required to change their passwords after the password downgrade period ends.
You can also lock stale logins or roles; however this requires you to reset the password manually for legitimate users to access their login account again.
To obtain the current value of allow password downgrade enter:
sp_passwordpolicy ‘list’, ‘allow password downgrade’
The result set includes the current value, and a message indicating its meaning.
If you have upgraded the master database, and are maintaining passwords with the old and new encodings, the result is:
sp_passwordpolicy 'list', 'allow password downgrade' go
value message -------- ----------------------------------------------------- 1 Password downgrade is allowed. (1 row affected)
For an upgraded master database that only uses new password encryption, the result is:
sp_passwordpolicy 'list', 'allow password downgrade' go
value message -------- ----------------------------------------------------- 0 Last Password downgrade was allowed on <datetime>. (1 row affected)
For a new master database on Adaptive Server 15.0.2 that only uses new password encryption, the result is:
sp_passwordpolicy 'list', 'allow password downgrade' go
value message -------- ----------------------------------------------------- NULL New master database. (1 row affected)
