20.45 Ensure 'Passwords are configured to expire'

Information

This policy setting ensures that all passwords for accounts are configured to expire.

Rationale:

Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked.

Impact:

All password will be configured to expire.

Solution

Configure all enabled user account passwords to expire.

Domain Controllers:

Open Active Directory Users and Computers

Uncheck Password never expires for all enabled user accounts

Member servers and standalone systems

Open Computer Management

Go to Users

Uncheck Password never expires for all enabled user accounts

Note: Document any exceptions with the ISSO.




Default Value:

N/A

Additional Information:

Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020

Vul ID: V-205658
Rule ID: SV-205658r569188_rule
STIG ID: WN19-00-000210
Severity: CAT II

See Also

https://workbench.cisecurity.org/files/3345