Wednesday, June 18, 2014

SharePoint 2013 Access App does not enforce password policy when creating passwords



During SharePoint 2013 implementation, our DBA found an issue with the logins that Access Services creates during periodically auditing. When SharePoint access app logins are created the enforce password policy option is not being selected and this is a security requirement for our company. All logins need to be created with a password that meets Qualcomm’s password policy and this option must be selected.

Here is an example of the option from our DBA.





When a login is created check_policy needs to be set to ON:
CREATE LOGIN [TestLogin]
WITH PASSWORD = 'passwordgoeshere',
DEFAULT_DATABASE = [master], CHECK_POLICY = ON
 
We are on Dec 2013 CU and we are working with Microsoft to see whether this could be resolved in future CU or SP.

No comments:

Post a Comment