Re: PCI Compliance question

Giganews Newsgroups
Subject: Re: PCI Compliance question
Posted by:  S. Pidgorny (slavic…
Date: Sun, 29 Oct 2006

The easiest way to address this reqirement is not to have any accounts that
are not used regularly on that system. That is, administrator and service

Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Padraig25" <Padraig…> wrote in message
>I work at a uni and am faced with PCI compliance on my payment gateway
> (2003 enterprise). This server is part of the credit card transaction
> process.  One of the requirements of the PCI standard is that unused user
> accounts automatically get set to disabled after a certain amount of time.
> This server will only have a few local accounts on it and is not a member
> of
> a domain so I could easily hand manage the creation, modification, and
> deletion of accounts, but that's not good enough. Does anyone know of a
> way
> to set this up on the windows box for local accounts to expire if not used
> in
> a certain amount of time????  I found all the other necessary settings in
> the
> local security settings account policies.  Maybe I have to go with a third
> party product to handle this??  Thanks



In response to

PCI Compliance question posted by Padraig25 on Tue, 24 Oct 2006