Setting the value of the CHECK_EXPIRATION option to ON for all the SQL authenticated logins within the sysadmin role

Note: Changing this setting can impact all the other products that use the SQL authenticated login with the sysadmin role. Ensure that the settings do not impact the other products.

The password expiration policy is same for the Windows and the SQL Server.

When the the SQL logins comply with the secured password policy applied by the Windows server benchmark, the passwords for the SQL logins, with the Sysadmin privileges, are changed on a frequent basis to prevent a compromise through a brute force attack. CONTROL SERVER is an equivalent permission to the sysadmin role and the logins with that permission must have expiring passwords.

Execute the T-SQL query by replacing the [login_name] with the SQL authenticated logins having the sysadmin role.

ALTER LOGIN [login_name] WITH CHECK_EXPIRATION = ON;