Local administrator accounts on domain systems must not share the same password.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36438 | AD.0008 | SV-47844r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Local administrator accounts on domain systems must use unique passwords. In the event a domain system is compromised, sharing the same password for local administrator accounts on domain systems will allow an attacker to move laterally and compromise multiple domain systems. |
| STIG | Date |
|---|---|
| Active Directory Domain Security Technical Implementation Guide (STIG) | 2014-12-18 |
Details
| Check Text ( C-44680r1_chk ) |
|---|
| Verify local administrator accounts on domain systems are using unique passwords. If local administrator accounts on domain systems are sharing a password, this is a finding. |
| Fix Text (F-40970r1_fix) |
|---|
| Set unique passwords for all local administrator accounts on domain systems. |