KRBTGT Password Last Set Monitor Monitor

  • ID:  Microsoft.Windows.AD.DomainMemberPerspective.Security.KrbtgtPasswordLastSet.Monitor
  • Description:  Monitors the krbtgt password to make sure that it was changed within the configured threshold.
  • Target:  Active Directory Domain Member Perspective
  • Enabled:  Yes

Operational States

Name State Description
KRBTGT Password Last Set OK Success  
KRBTGT Password Last Set Error Warning  

Overridable Parameters

Parameter Name Default Value Description Override
Interval (sec) 86400  
Timeout Seconds 300  
Age of Password (days) 90  

Alert Details

Monitor State Message Priority Severity Auto Resolution
KRBTGT Password Last Set Error (Warning) The KRBTGT Password Last Set monitor has failed. The password is older than the configured threshold. Medium Match Monitor Health Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

Monitor that checks the pwdLastSet attribute of the krbtgt account and compares it to a threshold for age. The pwdLastSet attribute marks the date that the password was last set.

Resetting the krbtgt account password is a security best practice. A stolen krbtgt account password can wreak havoc on an organization because it can be used to impersonate authentication throughout the organization thereby giving an attacker access to sensitive data.

One way to help mitigate the risk of a bad actor using a compromised krbtgt key to forge user tickets is by periodically resetting the krbtgt account password. Resetting this password on a regular basis reduces the useful lifetime of krbtgt keys, in case one or more of them is compromised.
Causes

Possible causes include the following:

  • Password age of the krbtgt account has exceeded the threshold.
Resolutions

Reset the password of the krbtgt account.
External References

See Also for Active Directory (AD) Monitoring Management Pack


Downloads for Active Directory (AD) Monitoring Management Pack

Back to top
AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED