Posted by Erland Sommarskog on 05/10/07 22:14

Larry Bertolini (bertolini.1@osu.edu) writes:
> On Tue, 8 May 2007 22:16:48 +0000 (UTC), Erland Sommarskog
><esquel@sommarskog.se> wrote:
>>In this case you will see that the generated command includes the
>>OLD_PASSWORD clause. And if you supply the correct old password
>>for the user, it works.
>
> That's kind of an odd design decision, IMO, considering that
> "user forgot password" is probably the most common reason
> that a securityadmin would change a password; at that point,
> nobody knows the old password.

Good point. I was a little uncertain what to file a bug for, but you are
right. What's the point with being permitted to change logins, if you
cannot help people who have forgotten their password. I filed a bug
at
https://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=276639

and I also sent in feedback on the topic in Books Online.


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

[Back to original message]