SV-205659r569188_rule
V-205659
SRG-OS-000076-GPOS-00044
WN19-AC-000050
CAT II
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Maximum password age" to "60" days or less (excluding "0", which is unacceptable).
Verify the effective setting in Local Group Policy Editor.
Run "gpedit.msc".
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy.
If the value for the "Maximum password age" is greater than "60" days, this is a finding.
If the value is set to "0" (never expires), this is a finding.
For server core installations, run the following command:
Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt
If "MaximumPasswordAge" is greater than "60" or equal to "0" in the file, this is a finding.
V-205659
False
WN19-AC-000050
Verify the effective setting in Local Group Policy Editor.
Run "gpedit.msc".
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy.
If the value for the "Maximum password age" is greater than "60" days, this is a finding.
If the value is set to "0" (never expires), this is a finding.
For server core installations, run the following command:
Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt
If "MaximumPasswordAge" is greater than "60" or equal to "0" in the file, this is a finding.
M
2907