cancel
Showing results for 
Search instead for 
Did you mean: 

Password Set To Never Expire On windows 2003

Hi,

 

Anyone please help with setting up an alarm for password set to never expire on windows 2003 and before.

 

I know with windows 2008 you use the SID=43-263047380 and event_class (In) [Don't Expire Password - Enabled] but what about on windows server 2003 and before?

1 Reply
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Password Set To Never Expire On windows 2003

Hi

1- connect the SIEM with the AD (that is a separete artical ) 

2 - create a watchlist with the next configurations:

      1 - set to dynamic,  and Hourly at specefied minutes - 45 minutes

      2 - in the Source tab configure the LDAP source type

      3 - in the Query tab past in the Lookup Attribute - sAMAccountName

            and in the Query Pate - 

(&(sAMAccountType=805306368)(userAccountControl:1.2.840.113556.1.4.803:=2))

       4 - in the Values tab set the type to  - Source User

after testing the communication, saving etc.

create a correlation rule triggering when the Source user is in the Watchlist created abuve.

Best regards.

       

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community