Security+ Question of the day: A consultant (Douglas) will be working at your company for three months. Your company has a policy stating that user passwords must be changed every 42 days. What are the two most important issues that you see in the figure?
(see answer below and video response.)
Answer
First of all, the most glaring issue is that the “Password never expires” checkbox is selected. The company has a 42-day change policy, and should also have a policy stating that a user cannot reuse the same password (usually for at least a year, if not forever). So that checkbox needs to be deselected, and we should possibly review our policies to make sure that they are applied to this account (and its group).
More importantly, the consultant (Douglas 🙂 ) will only be working at the company for three months. We need to set an account expiration date for that user account. This way, the user will not be able to log on to the domain after the consulting period has ended. In the video I show how to reconfigure this within Active Directory Users and Computers in Windows Server 2012.
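The same two settings can be checked and corrected from PowerShell instead of the GUI. The script below is an added example, not taken from the original post or video; it assumes the ActiveDirectory module is installed, that the consultant's logon name is `douglas`, and that the engagement ends 90 days from today.

```powershell
# Added example: audit and fix the consultant account described above.
# Run on a domain-joined host with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

$Identity    = 'douglas'                     # assumed logon name (sAMAccountName)
$LastWorkDay = (Get-Date).Date.AddDays(90)   # assumed end of the three-month engagement
$MaxAgeDays  = 42                            # company policy from the question
# The account stops working at the instant stored in AD, so expire it at
# midnight following the last working day.
$ExpireAt    = $LastWorkDay.AddDays(1)

$user = Get-ADUser -Identity $Identity -Properties PasswordNeverExpires, AccountExpirationDate

# Effective policy: a fine-grained policy (PSO) applied to the user or one of
# their groups wins; otherwise the default domain policy applies.
$policy = Get-ADUserResultantPasswordPolicy -Identity $Identity
if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
$maxAge = $policy.MaxPasswordAge.TotalDays   # 0 means passwords never expire

$findings = @()
if ($user.PasswordNeverExpires) {
    $findings += '"Password never expires" is set, so the maximum password age is ignored.'
}
if (-not $user.AccountExpirationDate) {
    $findings += 'No account expiration date is set.'
} elseif ($user.AccountExpirationDate -gt $ExpireAt) {
    $findings += "Account expires $($user.AccountExpirationDate), after the engagement ends."
}
if ($maxAge -eq 0 -or $maxAge -gt $MaxAgeDays) {
    $findings += "Effective maximum password age is $maxAge days (0 = never)."
}
if ($policy.PasswordHistoryCount -eq 0) {
    $findings += 'Password history is not enforced, so old passwords can be reused.'
}
$findings | ForEach-Object { Write-Warning $_ }

# Remediate the two account-level issues; remove -WhatIf to apply the changes.
if ($user.PasswordNeverExpires) {
    Set-ADUser -Identity $Identity -PasswordNeverExpires $false -WhatIf
}
if (-not $user.AccountExpirationDate -or $user.AccountExpirationDate -gt $ExpireAt) {
    Set-ADAccountExpiration -Identity $Identity -DateTime $ExpireAt -WhatIf
}
```

With `-WhatIf` in place the script only reports what it would change, which makes it safe to run as a periodic audit of temporary accounts.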