Re: PCI Compliance question

Giganews Newsgroups
Subject: Re: PCI Compliance question
Posted by:  S. Pidgorny (slavic…@yahoo.com)
Date: Sun, 29 Oct 2006

The easiest way to address this reqirement is not to have any accounts that
are not used regularly on that system. That is, administrator and service
accounts.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Padraig25" <Padraig…@discussions.microsoft.com> wrote in message
news:C5AECD80-8E33-421E-9104-9C19D67B27…@microsoft.com...
>I work at a uni and am faced with PCI compliance on my payment gateway
>server
> (2003 enterprise). This server is part of the credit card transaction
> process.  One of the requirements of the PCI standard is that unused user
> accounts automatically get set to disabled after a certain amount of time.
> This server will only have a few local accounts on it and is not a member
> of
> a domain so I could easily hand manage the creation, modification, and
> deletion of accounts, but that's not good enough. Does anyone know of a
> way
> to set this up on the windows box for local accounts to expire if not used
> in
> a certain amount of time????  I found all the other necessary settings in
> the
> local security settings account policies.  Maybe I have to go with a third
> party product to handle this??  Thanks

Replies

None

In response to

PCI Compliance question posted by Padraig25 on Tue, 24 Oct 2006