Re: Administrator Password Never Expires

From: John Wessell (ReplyToNewsgroup_at_id0ntl1kespam.net)
Date: 06/24/04 

Date: Thu, 24 Jun 2004 10:35:51 -0400

Why not audit the PasswordLastSetTime field to make sure the admins are, in
fact, following the reg? I use Dumpsec
(http://www.systemtools.com/somarsoft) to dump the directory listing of user
accounts to a CSV then import it to MSAccess. Works very well to catch
admins who set their own accounts' passwords to never expire.

HTH

John

"Steven L Umbach" <n9rou@nscomcast.net> wrote in message
news:A%hCc.79949$Hg2.47358@attbi_s04...
> I believe that is hard coded into the operating system and can not be
easily
> changed [I know of no way]. You can use passprop to lockout that account
to
> network logon attempts but never to console logon at a domain controller.
In
> Windows 2003 you can disable the built in administrator account except to
> safe mode logon. --- Steve
>
>
> "MCSEStretch" <MCSEStretch@discussions.microsoft.com> wrote in message
> news:AE0CFCE4-1925-4B4F-986C-C69F2DC97C42@microsoft.com...
> > It would appear when auditing various domains that the Administrator
> account in the domain has the "password never expires" block checked and
the
> box is disabled (read: greyed out) so that setting cannot be changed to
> make the domain administrator password expire.
> >
> > Is there a way to make the account expire (or at least ask/force the
> account to change the password)?
> >
> > Thanks in advance!
> > Jeremy Shelley, MCSE, CISSP
> >
> > P.S. I know it's not exactly a good idea to have your Domain
Administrator
> account expire but governmental rules are governmental rules.
>
>

Relevant Pages

  • Re: Login as local admin
    ... So if i basically ensure that my domain administrator account is a member of ... the schema admins, and enterprise admins, and login using these credentials, ... The article does not reference "local" administrator (as far as I ... If you choose to use an account other than the built-in administrator ...
    (microsoft.public.windows.server.sbs)
  • Re: Login as local admin
    ... schema admins, enterprise admins and the other groups mentioned, but the ... installing SBS SP1. ... So if i basically ensure that my domain administrator account is a member ... The article does not reference "local" administrator (as far as I ...
    (microsoft.public.windows.server.sbs)
  • Re: Login as local admin
    ... schema admins, enterprise admins and the other groups mentioned, but the ... So if i basically ensure that my domain administrator account is a member ... The article does not reference "local" administrator (as far as I ... As i am trying to install SBS SP1, ...
    (microsoft.public.windows.server.sbs)
  • Re: Upgrade SBS2000 to SBS2003
    ... Specify an account with Enterprise Administrator prrivileges to the ... The domain Administrator account should be a member of the Enterprise ... Enterprise Admins" error when you run the Windows Small Business ...
    (microsoft.public.backoffice.smallbiz2000)
  • RE: I shot my foot off almost and the Admin cant log into the server locally
    ... The Administrator account can still log on to the ... I have a back up administrator and that works fine. ... Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creators, Internet Users, Mobile Users, and Schema Admins. ...
    (microsoft.public.windows.server.sbs)