locked
Microsoft Baseline Security Analyzer RRS feed

  • General discussion

  • Hello
     I run windows vista 64 bit and routinely use  Microsoft Baseline Security Analyzer, today it it reporting a problem 

     password expiration 2 out of 8 user accounts have passwords that are  non expiring (these are onecare 137136532 and onecare 333189476)

     I know how to change this so that they are not non expiring i have made my own passwords non expiring, but how will this effect onecare ?

     This is new i have had onecare for 6 months any ideas ?
    Sunday, December 14, 2008 5:43 PM

All replies

  • Ignore the message from the Baseline Security Analyzer. These would be system accounts needed by OneCare. If you change the passwords, it will break OneCare most likely.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Monday, December 15, 2008 2:43 AM
    Moderator
  • hi steve

    thanks for your reply, just to clarify

    i did not mean i would change password, but the "non expiring" setting Using local Group Policy/ Security Settings

    What do you think

    peter
    Monday, December 15, 2008 10:29 AM
  • Well, if you went in and changed the settings for the accounts for the password to expire, I suspect that OneCare may have a problem with that. Since the MSBSA is complaining that the passwords are non-expiring, do you mean that you want to apply the Policy to allow non-expiring passwords? I don't see that as having any effect as the acounts (and yours) already have non-expiring passwords.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Monday, December 15, 2008 3:23 PM
    Moderator
  • hi steve   no i have not changed anything so far !

    What i was thinking is to change the 2 OneCare accounts making them expiring passwords, but as you say it could cause problems i will leave alone.

    Why has this only showed up recently, has OneCare or  MSBSA had a policy change ?  it bugs me when i get a the "orange shield explanation mark" from MSBSA !

    many thank

    peter
    Monday, December 15, 2008 3:52 PM
  • I don't know if it was a change to the MBSA or to OneCare, but I suspect the former. I don't use the MBSA, so I've not encountered it. My suspicion is that most users of OneCare wouldn't be using the MBSA, assuming that OneCare was monitoring and taking care of their security needs. It would bug me to see an alert, too, by the way. :-)
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Monday, December 15, 2008 4:04 PM
    Moderator
  • Peter,

    As you've already determined in your discussions with Steve, changing anything relating to these OneCare passwords is likely to break something in OneCare down the road.

    As for the MBSA password notifications, you can tell MBSA to ignore specific accounts. Simply go to the MBSA installation directory, using Notepad, open NoExpireOk.txt and enter the names of the accounts you do not want MBSA to flag for this warning. Since your system is running Vista, you'll probably need to elevate an instance of notepad.exe to make these changes.

    OneCareBear


    Windows OneCare Forum Moderator
    Monday, December 15, 2008 4:40 PM
    Moderator
  • Excellent !!    .........  thanks OneCareBear       

    that worked perfectly, although you have shown me something new and i see endless possibilities with notepad,  hope i dont break anything !

    thankyou

    peter
    Monday, December 15, 2008 5:35 PM