Information
This policy setting ensures that all manually managed application account passwords are changed at least annually or when a system administrator with knowledge of the password leaves the organization.
Rationale:
Setting application account passwords to expire may cause applications to stop functioning. However, not changing them on a regular basis exposes them to attack. If managed service accounts are used, this alleviates the need to manually change application account passwords.
Impact:
Manually managed application account passwords will need to be changed at least annually.
Solution
Change passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224824
Rule ID: SV-224824r569186_rule
STIG ID: WN16-00-000070
Severity: CAT II