Anyone please help with setting up an alarm for password set to never expire on Windows 2003 and before.
I know with Windows 2008 you use the SID=43-263047380 and event_class (In) [Don't Expire Password - Enabled] but what about on Windows Server 2003 and before?
1 - connect the SIEM with the AD (that is a separate article)
2 - create a watchlist with the next configurations:
1 - set to dynamic, and Hourly at specified minutes - 45 minutes
2 - in the Source tab configure the LDAP source type
3 - in the Query tab paste in the Lookup Attribute - sAMAccountName
and in the Query Pate -
4 - in the Values tab set the type to - Source User
after testing the communication, saving etc.
create a correlation rule triggering when the Source user is in the Watchlist created above.
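The watchlist-plus-correlation logic from the steps above, sketched offline as an added example (not part of the original post and not SIEM product code). The LDIF sample, the `src_user` event field, the LDAP filter constant and the choice to skip disabled accounts are all assumptions made for illustration.

```python
import re

# userAccountControl bits (ADS_UF_DONT_EXPIRE_PASSWD, ADS_UF_ACCOUNTDISABLE).
DONT_EXPIRE_PASSWD = 0x10000
ACCOUNT_DISABLE = 0x2
# Standard AD bitwise-AND filter for that bit; an assumption, not the query from the post.
LDAP_FILTER = ("(&(objectCategory=person)(objectClass=user)"
               "(userAccountControl:1.2.840.113556.1.4.803:=65536))")

# Constructed LDIF-style export and events (sample data, not from a real directory).
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=Backup Svc,OU=Service,DC=example,DC=test
sAMAccountName: svc_backup
userAccountControl: 66048

dn: CN=Old Admin,OU=Staff,DC=example,DC=test
sAMAccountName: oldadmin
userAccountControl: 66050
"""
SAMPLE_EVENTS = [{"id": 1, "src_user": "EXAMPLE\\SVC_Backup"},
                 {"id": 2, "src_user": "alice"}]

def parse_ldif(text):
    """Yield one dict per LDIF entry (single-valued attributes only)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if entry:
            yield entry

def build_watchlist(text, include_disabled=False):
    """Return sAMAccountName values whose password is set to never expire."""
    names = set()
    for entry in parse_ldif(text):
        uac = int(entry.get("userAccountControl", "0"))
        if not uac & DONT_EXPIRE_PASSWD:
            continue
        if uac & ACCOUNT_DISABLE and not include_disabled:
            continue
        if entry.get("sAMAccountName"):
            names.add(entry["sAMAccountName"])
    return names

def correlate(events, watchlist):
    """Return events whose source user is on the watchlist (case-insensitive, domain prefix stripped)."""
    wl = {name.lower() for name in watchlist}
    return [e for e in events if e["src_user"].rsplit("\\", 1)[-1].lower() in wl]
```

Normalising the source user before the lookup matters because sAMAccountName comparisons are case-insensitive and events often carry a domain prefix.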