Solved

Can a virus cause passwords to expire on a network?

Posted on 2009-04-03
8
192 Views
Last Modified: 2013-12-04
At my job every network login that did not have the "password never expires" checkbox checked in Active Directory was prompted to change passwords.  Individually, user accounts did not have a expiration date.  After looking more in depth I found a group policy for the entire district where passwords have a max age of 45 days.  However, I don't believe that anyone specifically set that.  Can a virus set that policy?  

In addition we had to temporarily shut down our firewall that was incorrectly blocking secure traffic.
0
Comment
Question by:AtypicalIC
  • 3
  • 2
8 Comments
 
LVL 4

Expert Comment

by:thsteph
ID: 24065218
that's a group policy and is intended for maximizing the security, not minimizing it ... don't thing a virus could do that.

regards
0
 
LVL 4

Expert Comment

by:thsteph
ID: 24065231
btw ... isn't that the default policy for expiration of password?
0
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 24065242
the 45 days comes by default
0
 

Author Comment

by:AtypicalIC
ID: 24065952
I know it sounds crazy to complain that a security policy is suddenly enforced. However, the odd thing is that  ALL the passwords expired at the same time even though passwords were definitely not assigned at the same time and many were, according to the policy, expired days months and even possibly years ago.

On the opposite side, is there anything that would have prevented the policy from working normally that suddenly allowed it (perhaps the firewall was blocking a network trigger message)?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24066198
you are talking about the default domain policy right ? The default settings in 45  days on windows 2003

did you upgrade your domain from 2000 to 2003 or something similar ?

btw why is this question in the exchange section ?
0
 
LVL 4

Expert Comment

by:thsteph
ID: 24066873
the one and only time I faced a virus changing my password on a server was for my SA password on MSSQL. never for security policy. either way, if your policy remains on 45 days, just leave it as is an d monitor it a bit. see if it actually exparies on 45 days. maybe you have forced the group pilicy forcing the passwords to expire on the same day!!
you could always try setting it to a lower number for easier monitoring
regards
0

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now