Information
This policy setting ensures that all outdated or unused accounts are removed or disabled.
The recommended STIG state for this setting is: 35 days or older
Rationale:
Outdated or unused accounts provide penetration points that may go undetected. Inactive accounts must be deleted if no longer necessary or, if still required, disabled until needed.
Impact:
Outdated or unused accounts that are older than 35 days will be deleted or disabled.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Regularly review accounts to determine if they are still active. Remove or disable accounts that have not been used in the last 35 days.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224837
Rule ID: SV-224837r569186_rule
STIG ID: WN16-00-000210
Severity: CAT II