Minimum password ageID: oval:org.secpod.oval:def:8773 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Minimum password age setting should be configured correctly.
The Minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If Maximum password age is between 1 and 999 days, the minimum password age must be less than the maximum password age. If Maximum password age is set to 0, Minimum password age can be any value between 0 and 998 days (1 day = 86400 seconds; 5 days = 432000)
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |