Windows Server 2019 Security Technical Implementation Guide

The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the password. The built-in Administrator account is not generally used and its password may not be changed as frequently as necessary. Changing the password for the built-in Administrator account on a regular basis will limit its exposure. Organizations that use an automated tool, such as Microsoft's Local Administrator Password Solution (LAPS), on domain-joined systems can configure this to occur more frequently. LAPS will change the password every "30" days by default.

Review the password last set date for the built-in Administrator account.

Enter "Get-ADUser -Filter * -Properties SID, PasswordLastSet | Where SID -Like "*-500" | Ft Name, SID, PasswordLastSet".

Enter 'Net User | Find /i "Password Last Set"', where is the name of the built-in administrator account.

If the "PasswordLastSet" date is greater than "60" days old, this is a finding.
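The check above can be scripted so the 60-day comparison is made by code rather than by eye. This is an added example, not part of the STIG text: the function name Test-Rid500PasswordAge, the sample accounts and the handling of a password that was never set are assumptions.

```powershell
# Added example: flag a built-in Administrator (SID ending in -500) whose
# password is more than 60 days old. Test-Rid500PasswordAge is a hypothetical
# helper name, not a cmdlet from any Microsoft module.
function Test-Rid500PasswordAge {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,  # needs Name, SID, PasswordLastSet
        [int] $MaxAgeDays = 60,                               # threshold from the check
        [datetime] $Now = (Get-Date)
    )
    process {
        # The built-in Administrator keeps the -500 SID suffix even when renamed.
        if ("$($Account.SID)" -notlike '*-500') { return }

        $lastSet = $Account.PasswordLastSet
        if ($null -eq $lastSet) {
            # Assumption: a password with no set date is reported as a finding
            # instead of passing silently; the check text only defines the 60-day case.
            $age = $null
            $finding = $true
        } else {
            $days = ($Now - $lastSet).TotalDays
            $age = [math]::Round($days, 1)
            $finding = $days -gt $MaxAgeDays
        }
        [pscustomobject]@{
            Name            = $Account.Name
            SID             = "$($Account.SID)"
            PasswordLastSet = $lastSet
            AgeDays         = $age
            Finding         = $finding
        }
    }
}

# Constructed sample accounts (not real SIDs) so the logic runs offline.
$now = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ Name = 'RenamedAdmin'; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500';  PasswordLastSet = (Get-Date '2024-05-10') }
    [pscustomobject]@{ Name = 'OldAdmin';     SID = 'S-1-5-21-4444444444-5555555555-6666666666-500';  PasswordLastSet = (Get-Date '2024-01-15') }
    [pscustomobject]@{ Name = 'NeverSet';     SID = 'S-1-5-21-7777777777-8888888888-9999999999-500';  PasswordLastSet = $null }
    [pscustomobject]@{ Name = 'svc-backup';   SID = 'S-1-5-21-1111111111-2222222222-3333333333-1104'; PasswordLastSet = (Get-Date '2023-01-01') }
)
$sample | Test-Rid500PasswordAge -Now $now | Format-Table -AutoSize

# Against live data, pipe in the real accounts instead of the sample:
#   Get-LocalUser | Test-Rid500PasswordAge
#   Get-ADUser -Filter * -Properties SID, PasswordLastSet | Test-Rid500PasswordAge
```

With the sample data, RenamedAdmin (22 days) passes, OldAdmin (138 days) and NeverSet are reported as findings, and svc-backup is skipped because its SID does not end in -500.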