Domain member: Maximum machine account password age This policy setting determines the maximum allowable age for a computer account password. By default, domain members automatically change their domain passwords every 30 days. If you increase this interval significantly or set it to 0 so that the computers no longer change their passwords, an attacker would have more time to undertake a brute force attack against one of the computer accounts. Counter Measure: Configure the Domain member: Maximum machine account password age setting to 30 days. Potential Impact: None. This is the default configuration. [max number of days] (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age (2) REG: ### (3) WMI: ### oval:org.secpod.oval:def:36532 SCAP Repo OVAL Definition 2016-08-05