Perhaps on highly sensitive accounts. If they are properly secured only a very select # of people could change them anyway. It all depends on the auditor, how well they understand it and the control in my experience.
We keep track with a 3rd party product that can do the who-what-where kind of auditing they like for privileged objects. The native logs are quickly unmanageable in an environment of any size for this kind of reporting IME. OPs requirement was much simpler the way I read it. “to prove that we change administrative passwords on a periodic basis” From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Thursday, November 29, 2012 9:30 AM To: NT System Admin Issues Subject: RE: Auditing proof of password change My guess is that an auditor might want to see proof of who changed it, not just that it changed. For that you will need the logs. Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com<mailto:> [cid:image001.jpg@01CDCE18.D6D431E0] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: "Free, Bob" <r...@pge.com<mailto:r...@pge.com>> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Date: 11/29/2012 12:20 PM Subject: RE: Auditing proof of password change ________________________________ User objects have an attribute called pwdlastset. Report on that. Simple as that. Don’t overcomplicate it rooting around in logs ☺ FWIW- Our auditors accept the account policy as general evidence of password aging. You might want to look into that. From: David Lum [mailto:david....@nwea.org] Sent: Thursday, November 29, 2012 7:20 AM To: NT System Admin Issues Subject: Auditing proof of password change I have an audit request to prove that we change administrative passwords on a periodic basis. Surely some of you have to do this on occasion and if so, how do you go about it? Event log reporting? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ PG&E is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ________________________________ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin PG&E is committed to protecting our customers' privacy. To learn more, please visit http://www.pge.com/about/company/privacy/customer/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>