Question AD Auditing

[seema kanwal]

Dear Community,


I want to know that who is setting the "Password Never Expire" option for users in our Domain.

We have 5 AD Admins(two global and three with limited rights)

We have a Policy of Password to expire every one Month. But we found out after our Auditors raised this point that a few users have Password set to "Never Expire" and when we verified we found out that they were right. Now instead of blaming anyone we wanted to dig it down as to who exactly did that ?
Kindly help me in finding that out.

Also tell me how can I prevent Admins from doing that in future ?

 

[Aeacus]

Also tell me how can I prevent Admins from doing that in future ?

Give better training for your staff, by educating them what your policies are. If they are trustworthy. If not, then why employ them at all?

Another option is removing the said feature from the software code. (Works great when staff isn't trustworthy.)

I want to know that who is setting the "Password Never Expire" option for users in our Domain.

Every proper system has log files. So, you can look up from log files, who did what.

If there is no logging of staff actions, there's no accountability for any of the staff (e.g admins), and they can do whatever they want, without any consequences. So, better start improving the system you have.

 

[USAFRet]

I want to know that who is setting the "Password Never Expire" option for users in our Domain.

Ask them.
Maybe it was just mistaken instructions.

Then, reinforce the actual rules and settings.
Training.