SV-29750r2_rule
V-14225
Administrator Account Password Changes
3.122
CAT II
10
Change the built-in Administrator account password at least annually or whenever an administrator leaves the organization. More frequent changes are recommended.
Automated tools, such as Microsoft's LAPS, may be used on domain-joined member servers to accomplish this.
Review the password last set date for the built-in Administrator account.
Open "Windows PowerShell" or "Command Prompt".
Enter 'Net User [account name] | Find /i "Password Last Set"', where [account name] is the name of the built-in Administrator account.
(The name of the built-in Administrator account must be changed to something other than "Administrator" per STIG requirements.)
If the "PasswordLastSet" date is greater than one year old, this is a finding.
V-14225
False
3.122
Review the password last set date for the built-in Administrator account.
Open "Windows PowerShell" or "Command Prompt".
Enter 'Net User [account name] | Find /i "Password Last Set"', where [account name] is the name of the built-in Administrator account.
(The name of the built-in Administrator account must be changed to something other than "Administrator" per STIG requirements.)
If the "PasswordLastSet" date is greater than one year old, this is a finding.
M
Information Assurance Officer
1340