Password changes (Windows)

Module: Password Strength

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check iterates through all user accounts in the user list and verifies that users are able to change the passwords on their accounts. The user list lets you exclude users or user groups that should be excepted from the check.

The following table lists the error message for the check.

Table: Error message for Password changes

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_CHANGE_PASSWORD Category: Policy Compliance	Windows 2000 (105334) Windows 2003 (205334) Windows 2008 (248334) Windows Vista (228334) Windows XP (200334)	Title: User cannot change password Description:This user cannot change the account password. Anyone with a stolen password can have long term access to such an account. In Windows deselect the setting "User cannot change password". In the "Password changes" check, use the name list to exclude any excepted users and security groups from the check.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_CHANGE_PASSWORD

Category: Policy Compliance

Windows 2000 (105334)
Windows 2003 (205334)
Windows 2008 (248334)
Windows Vista (228334)
Windows XP (200334)

Title: User cannot change password

Description:This user cannot change the account password. Anyone with a stolen password can have long term access to such an account. In Windows deselect the setting "User cannot change password". In the "Password changes" check, use the name list to exclude any excepted users and security groups from the check.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]