cancel
Showing results for 
Search instead for 
Did you mean: 

Password Set To Never Expire On windows 2003

Hi,

 

Anyone please help with setting up an alarm for password set to never expire on windows 2003 and before.

 

I know with windows 2008 you use the SID=43-263047380 and event_class (In) [Don't Expire Password - Enabled] but what about on windows server 2003 and before?

1 Reply
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Password Set To Never Expire On windows 2003

Hi

1- connect the SIEM with the AD (that is a separete artical ) 

2 - create a watchlist with the next configurations:

      1 - set to dynamic,  and Hourly at specefied minutes - 45 minutes

      2 - in the Source tab configure the LDAP source type

      3 - in the Query tab past in the Lookup Attribute - sAMAccountName

            and in the Query Pate - 

(&(sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2))

       4 - in the Values tab set the type to  - Source User

after testing the communication, saving etc.

create a correlation rule triggering when the Source user is in the Watchlist created abuve.

Best regards.

       

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.