Alert for NCM Password Change

Due to the fact that the NCM connection profile password field is just called Password, occasionally we get instances where a users browser will auto-populate the NCM password with the users login password. If this isn't noticed and the change is saved, then next time the device is backed up it locks out the service account that we use to perform device backups.

We want to configure an alert that informs us when a device has its NCM password changed so we can prevent account lockouts in the future. There are audit events for other password changes, but as far as I can tell, nothing for this use case.

Find more posts tagged with

Alert

ncm

password

Accepted answers

All comments

m_roberts

I will ignore the audit log route, as it looks like you have investigated this already.

If you have SAM, then you can create a Template which has a single SQL monitor, which returns a single value such as 1 if the query is the same as expected i.e the password hash value created when you enter the correct password. You can then set the threshold and alert based on the value being 0

The following is the SQL for the global password, but you should be able to adjust according to your needs.

SELECT 
   CASE
      WHEN s.SettingValue = '' THEN '1'
      ELSE '0'
   END AS PasswordChange
FROM NCM_GlobalSettings s
WHERE s.SettingName = 'GlobalPassword'

BaldFeegle

Thanks for this, unfortunately it doesn't help unless I've missed something. I should have made it clearer that this happens at the node level, rather than the global level. So one device might accidentally get the password changed, but when that device comes to be backed up, it locks the account out so nothing is backed up after that device.

Looking at NCM_NodeProperties each node has a different password hash, even though it's the same password. The only way I can currently think of to detect password changes is to take a copy of NCM_NodeProperties every 10 mins (or other suitable time interval) and then compare the hashes between the live table, and the copy table that was created 10 mins before..So each run wqould detect a password that has been changed in the previous 10 mins.