Specify the 'Domain member: Maximum machine account password age' (Max: 999 days)
|ID: oval:org.secpod.oval:def:36532||Date: (C)2016-08-05 (M)2017-10-23|
|Class: COMPLIANCE||Family: windows|
This policy setting determines the maximum allowable age for a computer account password. By default, domain members automatically change their domain passwords every 30 days. If you increase this interval significantly or set it to 0 so that the computers no longer change their passwords, an attacker would have more time to undertake a brute force attack against one of the computer accounts.
Configure the Domain member: Maximum machine account password age setting to 30 days.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age
(2) REG: ###
(3) WMI: ###
|Microsoft Windows 10|