PCI Compliance question

Giganews Newsgroups
Subject: PCI Compliance question
Posted by:  Padraig25 (Padraig…@discussions.microsoft.com)
Date: Tue, 24 Oct 2006

I work at a uni and am faced with PCI compliance on my payment gateway server
(2003 enterprise). This server is part of the credit card transaction
process.  One of the requirements of the PCI standard is that unused user
accounts automatically get set to disabled after a certain amount of time.
This server will only have a few local accounts on it and is not a member of
a domain so I could easily hand manage the creation, modification, and
deletion of accounts, but that’s not good enough. Does anyone know of a way
to set this up on the windows box for local accounts to expire if not used in
a certain amount of time????  I found all the other necessary settings in the
local security settings account policies.  Maybe I have to go with a third
party product to handle this??  Thanks

Replies