netwrix / pingcastle

PingCastle - Get Active Directory Security at 80% in 20% of the time
https://www.pingcastle.com

S-PwdLastSet-45: Detects accounts that have changed passwords 14 days ago #251

Closed PorreKaj closed 2 months ago

PorreKaj commented 2 months ago

Seems like there is a bug in risk rule S-PwdLastSet-45, where it falsely reports issues with computers that have had a password change as recently as 2 weeks ago.

image

I'd wager that there might be a bug in the handling of dates since we just entered September.

An-dir commented 2 months ago

You should check the LastLogonDate as well. Sometimes LastLogonDate is far in the future.

(PwdLastSet + 45 days) < LastLogonDate

Take a look at the source to understand it: https://github.com/netwrix/pingcastle/blob/master/Healthcheck/Rules/HeatlcheckRuleStaledPwdLastSet45.cs#L26

PorreKaj commented 2 months ago

Sure, but that's not really relevant for the Password last set attribute :-)

An-dir commented 2 months ago

Why do you think it is not relevant? Please explain.

An-dir commented 2 months ago

A computer should normally change its password every 30 days. It can only do this when it was connected to the AD. So the online state is represented by lastlogontimestamp.

PorreKaj commented 2 months ago

Oh sorry, sure, I meant for the rule check, last logon shouldn't be relevant. All servers related to the screenshot of dates are in use, and the last logon attributes are recent.

An-dir commented 2 months ago

OK. Did you try running PingCastle elevated as an administrator? In some configurations PingCastle cannot detect all data and the calculation cannot be accurate.

PorreKaj commented 2 months ago

Last logon might be relevant after all, for some reason they are all in the future for those devices. I assume PingCastle evaluates the age of the password by comparing lastlogon with password last set.
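
The condition quoted in this thread, `(PwdLastSet + 45 days) < LastLogonDate`, applied to raw AD timestamp values, as an added example that is not PingCastle's code and not part of the original discussion. It separates accounts flagged because the password really is old from accounts flagged only because the last-logon value lies in the future; the host names, the reference date and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# AD stores pwdLastSet and lastLogonTimestamp as FILETIME:
# 100-nanosecond ticks since 1601-01-01 UTC.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
THRESHOLD = timedelta(days=45)  # the 45 days quoted in the thread

def from_filetime(ticks):
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10

def classify(pwd_last_set, last_logon, now):
    """Apply (PwdLastSet + 45 days) < LastLogon and explain a hit."""
    pwd, logon = from_filetime(pwd_last_set), from_filetime(last_logon)
    if not (pwd + THRESHOLD < logon):
        return "ok"
    if logon > now:
        # Flagged only because the logon timestamp is ahead of the clock.
        return "flagged-future-logon"
    return "flagged-stale-password"

# Constructed sample data: offsets in days relative to a constructed "now".
NOW = datetime(2024, 9, 10, tzinfo=timezone.utc)

def days(n):
    return to_filetime(NOW + timedelta(days=n))

SAMPLES = {
    "SRV-A": (days(-14), days(-1)),    # recent password, recent logon
    "SRV-B": (days(-14), days(60)),    # recent password, logon in the future
    "SRV-C": (days(-120), days(-2)),   # old password, machine still online
}

def report(samples=SAMPLES, now=NOW):
    return {name: classify(p, l, now) for name, (p, l) in samples.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

SRV-B matches the situation reported above: a password changed two weeks ago is still flagged because the logon timestamp is more than 45 days ahead of it.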