Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
WN12-GE-000015 | WN12-GE-000015 | WN12-GE-000015_rule | High |
Description |
---|
The lack of password protection enables anyone to gain access to the information system, which opens a backdoor opportunity for intruders to compromise the system as well as other resources. Accounts on a system must require passwords. |
STIG | Date |
---|---|
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2013-07-25 |
Check Text ( C-WN12-GE-000015_chk ) |
---|
Verify all accounts require passwords. Run the DUMPSEC utility. Select "Dump Users as Table" from the "Report" menu. Select the following fields, and click "Add" for each entry: UserName SID PswdRequired AcctDisabled Groups If any accounts have "No" in the "PswdRequired" column, this is a finding. Some built-in or application-generated accounts (e.g., Guest, IWAM_, IUSR, etc.) may not have this flag set, even though there are passwords present. It can be set by entering the following on a command line: "Net user |
Fix Text (F-WN12-GE-000015_fix) |
---|
Ensure all accounts are configured to require passwords to gain access. The password required flag can be set by entering the following on a command line: "Net user |