20.63 Ensure 'Temporary user accounts must be automatically removed or disabled after 72 hours'

Information

This policy setting ensures that temporary user accounts are automatically removed or disabled after the crisis is resolved or within 72 hours of the crisis.

Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation.

If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation.

To address access requirements, many operating systems may be integrated with enterprise-level authentication/access mechanisms that meet or exceed access control policy requirements.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remove any temporary user accounts after a crisis has been resolved or configure the accounts to automatically expire within 72 hours.

Domain accounts can be configured with an account expiration date, under

Account

properties.

Local accounts can be configured to expire with the following command:

- Open the

Command Prompt

- Type

Net user [username] /expires:[mm/dd/yyyy]

where username is the name of the temporary user account

Impact:

If temporary accounts are used, the operating system must be configured to automatically terminate these types of accounts after a DoD-defined time period of 72 hours.

See Also

https://workbench.cisecurity.org/benchmarks/18857