Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 18487 Source: MSSQLSERVER

Login failed for SQL Server login '<username>'. The password for this login has expired. [CLIENT: <IP address>].
The password for the login used in your web application has expired. SQL Server 2005 introduced “Enforce password policy” and “Enforce password expiration” configurations, which use the local policies for password length complexity and expiration. Depending on how Active Directory, local policies and your rights are setup, these parameters can be reviewed and changed to dictate how SQL Server uses configurations.

Where can I find the login properties?
   1. Open Management Studio and the object browser.
   2. Navigate to the Security -> Logins folder.
   3. Find the login you are interested in reviewing.
   4. Right click on the login and select the “Properties” option.
   5. On the General tab, review the “Enforce password policy” and the “Enforce password expiration” configurations.

Where can I find the password policies?
Navigate to Start -> All Programs -> Administrative Tools -> Local Security Policy and to review the local policies on the machine.

Next Steps.
1. Review your logins to ensure you are aware if they are using the Enforce password policy and/or the Enforce password expiration configurations.
2. Based on initial research these configurations apply to all editions of SQL Server 2005 from Express to Enterprise.
3. Setup an alert to capture when this event occurs to correct it immediately or determine another means to reset the passwords so these policies do not affect your applications.
4. For additional information about the Enforce password policy and/or the Enforce password expiration configurations reference the Password Policy article in SQL Server 2005 Books Online.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.