Information
This policy setting ensures that all passwords for accounts are configured to expire.
Rationale:
Passwords that do not expire or are reused remain exposed for longer, which increases the probability that they will be discovered or cracked.
Impact:
All passwords will be configured to expire.
Solution
Configure all enabled user account passwords to expire.
Domain Controllers:
Open Active Directory Users and Computers
Uncheck Password never expires for all enabled user accounts
Member servers and standalone systems:
Open Computer Management
Go to Users
Uncheck Password never expires for all enabled user accounts
Note: Document any exceptions with the ISSO.
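To find the accounts the steps above apply to, the following audit script is an added example and not part of the STIG text. It assumes the ActiveDirectory PowerShell module is installed on domain controllers, and $DocumentedExceptions is a hypothetical list of ISSO-approved account names.

```powershell
# Added example: list enabled user accounts whose password never expires.
# $DocumentedExceptions is a hypothetical, constructed list of account names
# that have been documented with the ISSO; replace it with your own record.
$DocumentedExceptions = @('svc-example')

# Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC;
# lower values are workstations, member servers and standalone servers.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

if ($role -ge 4) {
    # Domain controller: query domain user accounts.
    Import-Module ActiveDirectory
    $findings = Search-ADAccount -PasswordNeverExpires -UsersOnly |
        Where-Object { $_.Enabled } |
        Select-Object @{ n = 'Name'; e = { $_.SamAccountName } },
                      @{ n = 'Scope'; e = { 'Domain' } }
}
else {
    # Member server or standalone system: query local accounts only.
    $filter = 'PasswordExpires=False AND LocalAccount=True'
    $findings = Get-CimInstance -ClassName Win32_UserAccount -Filter $filter |
        Where-Object { -not $_.Disabled } |
        Select-Object Name, @{ n = 'Scope'; e = { 'Local' } }
}

# Anything not on the documented exception list is a finding.
$undocumented = @($findings | Where-Object { $_.Name -notin $DocumentedExceptions })

if ($undocumented.Count -eq 0) {
    Write-Output 'No undocumented enabled accounts with non-expiring passwords.'
}
else {
    Write-Output 'Enabled accounts with "Password never expires" set and no documented exception:'
    $undocumented | Sort-Object Name | Format-Table -AutoSize
}
```

The script only reports; clearing the setting is still done per account as described in the steps above.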
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224839
Rule ID: SV-224839r569186_rule
STIG ID: WN16-00-000230
Severity: CAT II