Information
This policy setting ensures that all accounts are password protected.
Rationale:
The lack of password protection enables anyone to gain access to the system, which opens a backdoor opportunity for intruders to compromise the system as well as other resources.
Impact:
All accounts will be required to have a password for protection.
Solution
Configure all enabled accounts to require passwords.
Note: The password required flag can be set by entering the following on a command line: 'Net user [username] /passwordreq:yes', substituting [username] with the name of the user account.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224838
Rule ID: SV-224838r569186_rule
STIG ID: WN16-00-000220
Severity: CAT II