cancel
Showing results for 
Search instead for 
Did you mean: 

Password Set To Never Expire On windows 2003

Hi,

 

Anyone please help with setting up an alarm for password set to never expire on windows 2003 and before.

 

I know with windows 2008 you use the SID=43-263047380 and event_class (In) [Don't Expire Password - Enabled] but what about on windows server 2003 and before?

1 Reply
Highlighted
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Password Set To Never Expire On windows 2003

Hi

1- connect the SIEM with the AD (that is a separete artical ) 

2 - create a watchlist with the next configurations:

      1 - set to dynamic,  and Hourly at specefied minutes - 45 minutes

      2 - in the Source tab configure the LDAP source type

      3 - in the Query tab past in the Lookup Attribute - sAMAccountName

            and in the Query Pate - 

(&(sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2))

       4 - in the Values tab set the type to  - Source User

after testing the communication, saving etc.

create a correlation rule triggering when the Source user is in the Watchlist created abuve.

Best regards.

       

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator