Password must expire (Windows)

Module: Password Strength

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check iterates through all user accounts and reports a problem if passwords do not expire on the agent computer. If the system does expire passwords, the check reports user accounts that have enabled the user properties setting, Password never expires. By default, this check does not report users who cannot change their passwords. If you want the check to report users who cannot change their passwords, enter Yes in the Yes or No text box. Use the name list to exclude users and security groups from the check.

The following table lists the error messages for the check.

Table: Error messages for Password must expire

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_PASSWORDS_EXPIRE Category: Policy Compliance	Windows 2000 (105335) Windows 2003 (205335) Windows 2008 (248335) Windows Vista (228335) Windows XP (200335)	Title: User password never expires Description:The password for this account does not expire. Anyone with a stolen password can have long term access to such an account. In Windows deselect the setting "Password never expires". In the "Password must expire" check, use the name list to exclude any excepted users and security groups from the check. Note that this check reports only users who can change their passwords.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESM_ACCTPOLICY_PASSWORDS_EXPIRE Category: Policy Compliance	Windows 2000 (105341) Windows 2003 (205341) Windows 2008 (248341) Windows Vista (228341) Windows XP (200341)	Title: Passwords do not expire on system Description:Passwords do not expire on this system. Anyone with a stolen password can have long term access to user accounts. Increase the value for the maximum password age setting in Windows to greater than 0.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_PASSWORDS_EXPIRE

Category: Policy Compliance

Windows 2000 (105335)
Windows 2003 (205335)
Windows 2008 (248335)
Windows Vista (228335)
Windows XP (200335)

Title: User password never expires

Description:The password for this account does not expire. Anyone with a stolen password can have long term access to such an account. In Windows deselect the setting "Password never expires". In the "Password must expire" check, use the name list to exclude any excepted users and security groups from the check. Note that this check reports only users who can change their passwords.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESM_ACCTPOLICY_PASSWORDS_EXPIRE

Category: Policy Compliance

Windows 2000 (105341)
Windows 2003 (205341)
Windows 2008 (248341)
Windows Vista (228341)
Windows XP (200341)

Title: Passwords do not expire on system

Description:Passwords do not expire on this system. Anyone with a stolen password can have long term access to user accounts. Increase the value for the maximum password age setting in Windows to greater than 0.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []