|
-
March 30th, 2004, 12:31 PM
#1
Password (Last Changed)
Is there a way to tell when a user last changed their password?
-
March 30th, 2004, 12:43 PM
#2
Errr,
I take it we are talking Windows?......which version of NT... (the question is obviously irrelevant to 9x/ME)
I have always worked with software that would tell the user to change their password.....I never bothered to find out if it recorded when this was done............just forced it once every "x" days?
Not too sure of your requirement here, more info please? A 28 day enforced change cycle is quite reasonable.....but I am not sure if the actual change is monitored?...for higher levels of security I would also like the MAC addy of the box, any net connection details & so on? preferably can only be done at your personal workstation?
I think that you might be heading in an interesting direction here?
Keep it going please 
EDIT: I remember seeing old IBM "big" systems nagging because you had not changed your PW..............but I was very young then, and did not know what was driving it.
Those were the "enemy within" days of security 
-
March 30th, 2004, 01:00 PM
#3
-
March 30th, 2004, 01:22 PM
#4
I normally one of two tools to check out the last time a password was changed for a user. the links to their home sites are below. The two tools are both comercial with the usual 30 days trial period.
hyena
dameware
As an aside the information is held in the sam so it should be easy enought to extract it with a script. If i find a tool to do this I wil let you know.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
March 30th, 2004, 01:33 PM
#5
You can also use Retina as it does pick up when various accounts have had passwords changed. But wouldn't this show up in the event viewer? (or is this one of those things that has to be enabled?)
-
March 30th, 2004, 01:39 PM
#6
It would show up in the event viewer, but with multiple users and large audit logs. How far back would you go looking? It could take a couple hours to find it, unless someone knows a short cut or the exact code I need.
-
March 30th, 2004, 01:44 PM
#7
I am fairly sure that the basic audit options will only tell you when some one logs on or tries to log on. To have the information on changes made to an account like it being locked out or the password being changed you have to activate it. The link below is an artical from microsoft on the different events for users.
users account audits
The problem in my experiance with the event log is that it tends to be like looking for a needle in a hay stack to find any information. Especially if you are looking for something that was logged more than a couple of days before. Still it is possiable if you extract the log and import it into something like EXcel.
edit : If it is for proffessional use go with hyena. I personnaly find it to be the most versitile software of its type i have used.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
March 30th, 2004, 02:33 PM
#8
can someone add a screen shot of an audit record relating to a password change?
-
March 30th, 2004, 03:40 PM
#9
You can always use filter in the Event Viewer to filter the exact event (Password Change) you want!
-
April 1st, 2004, 07:59 PM
#10
I do a majority of my work on a nix system, can anyone tell me the specific keyword I am using to find filter out a password change?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
