Asked by:
Microsoft Baseline Security Analyzer

General discussion
-
Hello
I run windows vista 64 bit and routinely use Microsoft Baseline Security Analyzer, today it it reporting a problem
password expiration 2 out of 8 user accounts have passwords that are non expiring (these are onecare 137136532 and onecare 333189476)
I know how to change this so that they are not non expiring i have made my own passwords non expiring, but how will this effect onecare ?
This is new i have had onecare for 6 months any ideas ?Sunday, December 14, 2008 5:43 PM
All replies
-
Ignore the message from the Baseline Security Analyzer. These would be system accounts needed by OneCare. If you change the passwords, it will break OneCare most likely.
-steve
Microsoft MVP Windows Live / Windows Live OneCare Forum ModeratorMonday, December 15, 2008 2:43 AMModerator -
hi steve
thanks for your reply, just to clarify
i did not mean i would change password, but the "non expiring" setting Using local Group Policy/ Security Settings
What do you think
peterMonday, December 15, 2008 10:29 AM -
Well, if you went in and changed the settings for the accounts for the password to expire, I suspect that OneCare may have a problem with that. Since the MSBSA is complaining that the passwords are non-expiring, do you mean that you want to apply the Policy to allow non-expiring passwords? I don't see that as having any effect as the acounts (and yours) already have non-expiring passwords.
-steve
Microsoft MVP Windows Live / Windows Live OneCare Forum ModeratorMonday, December 15, 2008 3:23 PMModerator -
hi steve no i have not changed anything so far !
What i was thinking is to change the 2 OneCare accounts making them expiring passwords, but as you say it could cause problems i will leave alone.
Why has this only showed up recently, has OneCare or MSBSA had a policy change ? it bugs me when i get a the "orange shield explanation mark" from MSBSA !
many thank
peterMonday, December 15, 2008 3:52 PM -
I don't know if it was a change to the MBSA or to OneCare, but I suspect the former. I don't use the MBSA, so I've not encountered it. My suspicion is that most users of OneCare wouldn't be using the MBSA, assuming that OneCare was monitoring and taking care of their security needs. It would bug me to see an alert, too, by the way. :-)
-steve
Microsoft MVP Windows Live / Windows Live OneCare Forum ModeratorMonday, December 15, 2008 4:04 PMModerator -
Peter,
As you've already determined in your discussions with Steve, changing anything relating to these OneCare passwords is likely to break something in OneCare down the road.
As for the MBSA password notifications, you can tell MBSA to ignore specific accounts. Simply go to the MBSA installation directory, using Notepad, open NoExpireOk.txt and enter the names of the accounts you do not want MBSA to flag for this warning. Since your system is running Vista, you'll probably need to elevate an instance of notepad.exe to make these changes.
OneCareBear
Windows OneCare Forum ModeratorMonday, December 15, 2008 4:40 PMModerator -
Excellent !! ......... thanks OneCareBear
that worked perfectly, although you have shown me something new and i see endless possibilities with notepad, hope i dont break anything !
thankyou
peterMonday, December 15, 2008 5:35 PM