Active Directory accounts can be configured to escape global password renewal policies. Accounts set up like this can be used indefinitely without ever changing their password. User and administrator accounts should never have this attribute set.
By default, this check skips disabled accounts. To also check disabled accounts, please enable thorough tests.
Note: This plugin is part of the Active Directory Starter Scan Template and is meant to be used for preliminary analysis of AD hosts. For more information on the issues discovered by the Active Directory Starter Scan plugins, please refer to this blog post - https://www.tenable.com/blog/new-in-nessus-find-and-fix-these-10-active-directory-misconfigurations
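The condition this check looks for can be expressed as a bit test on each account's `userAccountControl` attribute. The following is an added example, not the plugin's code: it assumes the Microsoft-documented flag values, and the `Account` type, the `never_expires` function and the sample records are constructed for illustration.

```python
from dataclasses import dataclass

# userAccountControl bit flags (Microsoft-documented values)
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWD = 0x10000

# LDAP filter that selects the same accounts from a live directory
# (1.2.840.113556.1.4.803 is the bitwise-AND matching rule).
LDAP_FILTER = ("(&(objectCategory=person)(objectClass=user)"
               "(userAccountControl:1.2.840.113556.1.4.803:=65536))")


@dataclass
class Account:          # hypothetical record type for this example
    sam: str            # sAMAccountName
    uac: int            # userAccountControl value
    admin_count: int    # adminCount; 1 = is or was in a protected group


def never_expires(accounts, thorough=False):
    """Return accounts whose password never expires.

    Disabled accounts are skipped unless thorough=True, mirroring the
    default and thorough behaviour described above.
    """
    hits = []
    for a in accounts:
        if not a.uac & UF_DONT_EXPIRE_PASSWD:
            continue
        if a.uac & UF_ACCOUNTDISABLE and not thorough:
            continue
        hits.append(a)
    # Privileged accounts first: they are the highest-priority fixes.
    return sorted(hits, key=lambda a: (-a.admin_count, a.sam))


# Constructed sample data (not from a real directory).
SAMPLE = [
    Account("alice", 0x0200, 0),        # normal account, policy applies
    Account("svc_backup", 0x10200, 0),  # password never expires
    Account("adm_bob", 0x10200, 1),     # privileged, never expires
    Account("old_temp", 0x10202, 0),    # never expires, but disabled
]

if __name__ == "__main__":
    for acct in never_expires(SAMPLE):
        tag = "PRIVILEGED" if acct.admin_count else "user"
        print(f"{acct.sam:12} uac={acct.uac:#07x} {tag}")
```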
Binary data adsi_account_pwd.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | active_directory | | cpe:/a:microsoft:active_directory |