Information
This policy setting ensures that all manually managed application account passwords are changed at least annually or when a system administrator with knowledge of the password leaves the organization.
Rationale:
Setting application account passwords to expire may cause applications to stop functioning. However, not changing them on a regular basis exposes them to attack. If managed service accounts are used, this alleviates the need to manually change application account passwords.
Impact:
Manually managed application account passwords will need to be changed at least annually.
Solution
Change passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020
Vul ID: V-205847
Rule ID: SV-205847r569188_rule
STIG ID: WN19-00-000060
Severity: CAT II