Has anyone actually tested the check reg-passwd-01 on either a Win2K or Win2003
agent (with XPU 28)? This check is not correct. It is supposed to check for
password complexity setting in Windows. However, it is still using the WinNT
settings for the check. In WinNT there is a registry key
\HKLM\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages. This key has
in the value setting passfilt. That is what this check looks for. It
corresponds with the reg-passwd-02 check which actually looks for the
passfilt.dll file in \WinNT\System32.
However in Windows 2000 and 2003, the passfilt function is now builtin. So
when you enable the local security policy for password complexity, the registry
key from WinNT for password filters is not referenced. Instead the
reg-passwd-01 check should be checking for the existence of the following
registry key in Win2000 or 2003:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\SeCEdit\EnforceEFSPolicy.
Although this key does have some bearing to Encrypted Files Systems, it is the
key that either exists or does not exist when you enable or disable the
password complexity policy.
So once again, I have had to customize a System Scanner Check (#46 so far) to
make it actually work.
If anyone has any other suggestions, I am open.
By the way I used regmon to find the key that is modified/added/deleted when I
change the local policy.
Shelley
--------------------------------------------------------------------
Shelley Coughlan
Bell Canada Corporate Security
Security Operations
Sûreté de l'entreprise - Opérations
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
