I recently encountered a problem creating new logins with SQL Server. Something that has worked for years suddenly stopped with the following error:
Password validation failed. The password does not meet Windows policy requirements because it is too short.
Since SQL Server was using Windows local security policy I went and checked that at Security Settings > Account Policies > Password Policy in Local Security Policy (available under Administrative Tools in Control Panel or by opening secpol.msc). As expected, these contained setting that I was not expecting, which were probably changed from the network by a system administrator.
However, I wanted to be able to enter shorter passwords, like 8 characters instead of 10, but this was disabled. Even if I was running as administrator, the option of changing this was disabled.
It is however still possible to modify these settings even if you cannot do it from the management console. You can do it from a command prompt as administrator.
Hits for this post: 3395
- Open a command prompt running as administrator
- Run the following command to export the settings to a file. In my example, the target path is c:\temp\local.cfg, but it can be anything.
secedit /export /cfg c:\temp\local.cfg
- Edit the file with notepad or another editor. The file is an INI file with sections and key-value pairs. The password settings are available under the [System Access] section. For changing the minimum length of the passwords modify the MinimumPasswordLength key.
- Save the file and run the following command to import the settings from the modified file.
secedit /configure /db %windir%\security\local.sdb /cfg c:\temp\local.cfg /areas SECURITYPOLICY
- Close and open the Local Security Policy console again and check the settings.
Last week I have attended ITCamp in Cluj-Napoca, Romania. The conference has already established itself as the most important community-driven technology conference in Romania and lately, as the organizers put it, its focus has shifted from being a Microsoft-centric conference to a technology-centric conference. And this year it has been larger than ever before: 600 attendants, more than 40 speakers, more than 50 sessions and open panels grouped on 5 different tracks. A little bit for everybody. And with so many tracks and session it was a little bit hard to make choices for what to attend or maybe rather what to skip.
All sessions have been recorded and will be made available some time in the future (as far as I understood). In the meanwhile I wanted to point some of the things I seen and learnt at ITCamp. I actually attended more talks than the one mentioned here. Most of them were really good and I apologize to those not mentioned, but I don’t want to mention everything here, so I will try to summarize only a few things that I found the most interesting.
Hits for this post: 7531
I have attended several talks on security. Paula Januszkiewicz gave all of us creeps by showing how a skillful person can extract information such as encrypted passwords and history information that the system stores on disk without most users being really aware of it. And even though the secrets are well kept for a regular user, a malicious person or software can exploit weaknesses to extract these information. On the other hand Jayson E. Street shared his experiences with compromising security in all sorts of companies around the world. Having a 100% success rate Jayson doesn’t blame it on the employees or users (explicitly saying there is no such thing as stupid user) but on the lack of education/training on security that companies are providing (or rather not providing) for their employees. His talks made us laugh but also think a lot and hopefully be more aware of things we shouldn’t do from the point of view of security. One thing for sure, I will never plugin a USB stick that I find on my desk in a blank envelope with my name on it. Thanks Jayson!
Internet of Things
Who would have though several years ago that your greenhouse could be monitored and controlled from the internet? That it could send pictures to your phone? That you can make predictions on when and how much to sprinkle based on the existing data? That’s what Laurent Ellerbach, Microsoft Technical Evangelist Lead, shown in his keynote. Sensors, Raspberry PI, cameras, Azure IoT Hub, Stream Analytics, Mobile Services, SQL Azure and others working together to create a real world system for a sprinkler for his small greenhouse at home. It was a very interesting talk with a real life project and its development over time to include more and more services.
PowerShell is now an OOP language
I am not very skilled with PowerShell, though I have to use it from time to time. I had no idea though that PowerShell 5 supports many features from object-oriented programming. These includes: classes, methods, properties, inheritance, enumerations and others. Razvan Rusu delivered an entertaining talk for both developers and sysadmins showing how easy you can do things in PowerShell and what the new OOP features are. It was really interesting and will certainly look at PowerShell from a different perspective from now on.
Raffaele Rialdi gave a compelling introduction to .NET core, its components, flavors, its new deployment mechanism based on NuGet and other related topics.