The CHECK_POLICY and CHECK_EXPIRATION options cannot be turned OFF when MUST_CHANGE is ON

 

ERROR MESAGGE:

“The CHECK_POLICY and CHECK_EXPIRATION options cannot be turned OFF when MUST_CHANGE is ON.”

EXPLANATION:

When logging in to SQL Server Instance with a Login, you can receive a message that your password has expired and should be changed. If you receive such a warning message, then this means that the “CHECK_EXPIRATION” property of the corresponding Login is enabled.

If your password expires, the password must be updated. If you want to cancel the “CHECK_EXPIRATION” feature from the Login ‘s properties without updating the password, you will see the above error message.

SOLUTION:

First of all, the password of the corresponding Login must be changed. You can do this using the SSMS interface or T-SQL commands.

SSMS:
– Open SSMS -> Security -> Logins, then right-click on the corresponding Login and open the Properties window.
– Change the password of Login and uncheck “User must change password at next login”. Click ‘OK’ to close the window.
– If you do not want the Password Policy and Password Expiration rule to be reapplied for this Login, you can re-open the Login’s Properties window and uncheck “Enforce password expiration” and “Enforce password policy”. We could not do this before because the previous step must be completed first.

T-SQL:
Aşağıdaki komutu kullanarak ilgili Login’ in şifresini değiştirin.

If you want, you can then close the CHECK_EXPIRATION and CHECK_POLICY properties by using the following command.

Ekrem Önsoy
Author: Ekrem Önsoy

The original article was written in Turkish by Ekrem Önsoy and translated to English by dbtut with the consent of the author. The copyright of the article belongs to the author. The author shall not be liable in any way for any defect caused by translation.

Leave a Reply

Your email address will not be published. Required fields are marked *