Recently I was performing a security audit for a client. One of the many things I had to check was the enforcement of password policies for any SQL Server created accounts.
You know, that policy that says you must have some combination of 6 or more characters, upper and lower case, a number, and special characters, etc.
These policies are controlled by the server policy settings and were something easy to check. The actual passwords and that they were safe, not so much.
Click through for the script.