| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-224824 | CAT II | MONT-VSF-004 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-VSF-004/Checklist/MONT-VSF-004_WinServer2016_V2R10_20251023-143909.ckl
Scan Date: 2026-01-14T12:57:30.046447
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-VSF-003 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-VSF-003/Checklist/MONT-VSF-003_WinServer2016_V2R10_20251023-143935.ckl
Scan Date: 2026-01-14T12:57:31.534241
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-MB-002 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_WinServer2016_V2R10_20251023-152736.ckl
Scan Date: 2026-01-14T12:57:33.842838
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-DP-001 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-DP-001/Checklist/MONT-DP-001_WinServer2016_V2R10_20251023-144106.ckl
Scan Date: 2026-01-14T12:57:35.637816
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-DC-003 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-DC-003/Checklist/MONT-DC-003_WinServer2016_V2R10_20251023-172220.ckl
Scan Date: 2026-01-14T12:57:37.248886
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-DB-002 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-DB-002/Checklist/MONT-DB-002_WinServer2016_V2R10_20251023-144132.ckl
Scan Date: 2026-01-14T12:57:39.082634
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-BE-002 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_WinServer2016_V2R10_20251023-143943.ckl
Scan Date: 2026-01-14T12:57:41.363810
Technology Area: Windows Operating System
|
||||||||
| V-224824 | CAT II | MONT-AP-002 | Microsoft Windows Server 2016 Security T... | Manually managed application account passwords mus... | Documented Pending Review | |||
Check TextDetermine if manually managed application/service accounts exist. If none exist, this is NA. If passwords for manually managed application/service accounts are not changed at least annually or when an administrator with knowledge of the password leaves the organization, this is a finding. Identify manually managed application/service accounts. To determine the date a password was last changed: Domain controllers: Open "PowerShell". Enter "Get-AdUser -Identity [application account name] -Properties PasswordLastSet | FT Name, PasswordLastSet", where [application account name] is the name of the manually managed application/service account. If the "PasswordLastSet" date is more than one year old, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Enter 'Net User [application account name] | Find /i "Password Last Set"', where [application account name] is the name of the manually managed application/service account. If the "Password Last Set" date is more than one year old, this is a finding. Fix TextChange passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization. It is recommended that system-managed service accounts be used whenever possible.
Source: _Reviewed/MONT-AP-002/Checklist/MONT-AP-002_WinServer2016_V2R10_20251023-144214.ckl
Scan Date: 2026-01-14T12:57:42.721079
Technology Area: Windows Operating System
|
||||||||