CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Disabled :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes

Impact:

None - this is the default behavior.

Default Value:

Disabled. (The domain member can change its computer account password as specified by the Domain Member: Maximum machine account password age setting (Rule 2.3.6.5), which by default is every 30 days.)

References:

1. CCE-34986-0

CIS Controls:

Version 6

16 Account Monitoring and Control Account Monitoring and Control

Version 7

5.1 Establish Secure Configurations Maintain documented, standard security configuration standards for all authorized operating systems and software.

180 | P a g e