Users may have an easy-to-remember password that they are likely to use. However, it is not advisable to have the same password for more number of days as attackers can easily target such user accounts. To prevent this, you can enforce end users to change their system password every 45 days.
Severity
Critical
Category
Password Policy
Resolution
Follow the below steps in GPO to resolve the misconfiguration.
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> "Maximum Password Age" to "45" days or less (excluding "0" which is unacceptable).
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
