Maximum password age (Windows)

Module: Password Strength

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check verifies that the Windows password age setting has a maximum age that does not exceed the number of days specified in your policy. The valid range of maximum password age is 0 to 999 days.

The following table lists the error message for the check.

Table: Error message for Maximum password age

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_MAX_PASSWD_AGE_TOO_HIGH Category: Policy Compliance	Windows 2000 (105330) Windows 2003 (205330) Windows 2008 (248330) Windows Vista (228330) Windows XP (200330)	Title: Maximum password age too high Description:The maximum password age is set too high. Infrequent password changes allow anyone with a stolen password long term access to your system. The recommended maximum password age is 60 days.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Max age: %s; expected: %s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_MAX_PASSWD_AGE_TOO_HIGH

Category: Policy Compliance

Windows 2000 (105330)
Windows 2003 (205330)
Windows 2008 (248330)
Windows Vista (228330)
Windows XP (200330)

Title: Maximum password age too high

Description:The maximum password age is set too high. Infrequent password changes allow anyone with a stolen password long term access to your system. The recommended maximum password age is 60 days.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Max age: %s; expected: %s]