Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14225 | WN12-00-000007 | SV-52942r1_rule | ECPA-1 | Medium |
Description |
---|
The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the password. Passwords for the built-in Administrator account must be changed at least annually or when any member of the administrative team leaves the organization. |
STIG | Date |
---|---|
Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide | 2014-12-18 |
Check Text ( C-47248r2_chk ) |
---|
Determine if any system administrators have left the organization within the last year. Run the DUMPSEC utility. Select "Dump Users as Table" from the "Report" menu. Select the following fields, and click "Add" for each entry: UserName SID PwsdLastSetTime If the built-in Administrator account has a date older than one year in the "PwsdLastSetTime" column, this is a finding. If any system administrators has left the organization within the last year and the "PwsdLastSetTime" field reflects the built-in Administrator account password was not changed at that time, this is a finding. |
Fix Text (F-45868r1_fix) |
---|
Change the built-in Administrator account password at least annually or whenever an administrator leaves the organization. |