| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: AC0D171FAF15B3E83FED29B6E76237F554D99095 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: AMPerl.IAAdmin SID: S-1-5-21-4163428051-2768110797-3591193048-1018 Enabled: True Password Last Set: 06/08/2023 23:58:46 (922 days ago) Account: dod_admin SID: S-1-5-21-4163428051-2768110797-3591193048-1001 Enabled: True Password Last Set: 01/27/2022 19:37:24 (1420 days ago) Account: jtbegarek.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1024 Enabled: True Password Last Set: 08/20/2025 14:40:01 (119 days ago) Account: Scan.Admin SID: S-1-5-21-4163428051-2768110797-3591193048-1016 Enabled: True Password Last Set: 03/05/2024 16:43:42 (652 days ago) Account: tljones.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1023 Enabled: True Password Last Set: 04/17/2025 19:19:53 (244 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: A274B6C9BF0D9AD4F7001AD178081F1387B781F3 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: AMPerl.IAAdmin SID: S-1-5-21-4004422625-1934610219-1178763574-1021 Enabled: True Password Last Set: 08/13/2023 16:24:18 (857 days ago) Account: dod_admin SID: S-1-5-21-4004422625-1934610219-1178763574-1001 Enabled: True Password Last Set: 01/27/2022 19:37:24 (1420 days ago) Account: jtbegarek.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1026 Enabled: True Password Last Set: 08/20/2025 14:07:02 (119 days ago) Account: scan.admin SID: S-1-5-21-4004422625-1934610219-1178763574-1022 Enabled: True Password Last Set: 03/05/2024 16:39:13 (652 days ago) Account: tljones.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1024 Enabled: True Password Last Set: 08/08/2024 02:24:09 (496 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 8A0A1AAA89816304B9C0B250AA84277B68DB7534 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: dod_admin SID: S-1-5-21-2586659569-2484290388-2027984285-1001 Enabled: True Password Last Set: 01/27/2022 19:47:48 (1364 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: C5C559038CF7763753A9CF7C4030B47AAC8FE4CB ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: dod_admin SID: S-1-5-21-3703204072-2228436765-3422267048-1001 Enabled: True Password Last Set: 01/27/2022 19:47:48 (1364 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
Check Text
If there are no enabled local Administrator accounts, this is Not Applicable. Review the password last set date for the enabled local Administrator account. On the standalone or domain-joined workstation: Open "PowerShell". Enter "Get-LocalUser -Name * | Select-Object *". If the "PasswordLastSet" date is greater than "60" days old for the local Administrator account for administering the computer/domain, this is a finding. Verify LAPS is configured and operational. Navigate to Local Computer Policy >> Computer Configuration >> Administrative Templates >> System >> LAPS >> Password Settings >> Set to enabled. Password Complexity, large letters + small letters + numbers + special, Password Length 14, Password Age 60. If not configured as shown, this is a finding. Verify LAPS Operational logs >> Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> LAPS >> Operational. Verify LAPS policy process is completing. If it is not, this is a finding.
Fix Text
Change the enabled local Administrator account password at least every 60 days. Windows LAPS must be used to change the built-in Administrator account password. Domain-joined systems can configure this to occur more frequently. LAPS will change the password every 30 days by default. More information is available at: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747 https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview#windows-laps-supported-platforms-and-azure-ad-laps-preview-status