Information
This policy setting ensures that all passwords for accounts are configured to expire.
Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked.
Solution
Configure all enabled user account passwords to expire.
Domain Controllers:
- Open
Active Directory Users and Computers
- Uncheck Password never expires for all enabled user accounts
Member servers and standalone systems
- Open
Computer Management
- Go to
Users
- Uncheck Password never expires for all enabled user accounts
Note: Document any exceptions with the ISSO.
Impact:
All password will be configured to expire.