Active Directory Domain Security Technical Implementation Guide
SRG-OS-000076
Windows service \ application accounts with administrative privileges and manually managed passwords, must have passwords changed at least every 60 days.
An XCCDF Rule
Medium Severity
Vulnerability Discussion: NT hashes of passwords for accounts that are not changed regularly are susceptible to reuse by attackers using Pass-the-Hash. Windows service \ application account passwords typically go unchanged for long periods of time to ensure availability of the applications. If a service \ application account also has administrative privileges, it will provide elevated access if compromised.
Documentable: false