WN16-00-000220 - Windows Server 2016 accounts must require passwords.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The lack of password protection enables anyone to gain access to the information system, which opens a backdoor opportunity for intruders to compromise the system as well as other resources. Accounts on a system must require passwords.

Solution

Configure all enabled user accounts to require passwords.

The password required flag can be set by entering the following on a command line: 'Net user [username] /passwordreq:yes', substituting [username] with the name of the user account.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2016_V2R7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000764, Rule-ID|SV-224838r857232_rule, STIG-ID|WN16-00-000220, STIG-Legacy|SV-87913, STIG-Legacy|V-73261, Vuln-ID|V-224838

Plugin: Windows

Control ID: 9f8a2034d8ddaf55e1ad54ef005358d49a07d7fd942f2b0b8a2084baff73d5e2