We are currently evaluating Vulnerability Management to report on our CIS 2.0 compliance.

In a Domain Controller profile the Password Policy checks appear to be incorrect.

For example: 1.1.5 – (L1) Ensure ‘Password must meet complexity requirements’ is set to ‘Enabled’

says “Not compliant”, although we have it enabled in the “Default Domain Policy”, which is the one controlling domain users password policy.

What policy does it check?

It is as if it checks the RSOP that affects the DCs. But DCs do not have local users. 🤔

​We are currently evaluating Vulnerability Management to report on our CIS 2.0 compliance. In a Domain Controller profile the Password Policy checks appear to be incorrect. For example: 1.1.5 – (L1) Ensure ‘Password must meet complexity requirements’ is set to ‘Enabled’says “Not compliant”, although we have it enabled in the “Default Domain Policy”, which is the one controlling domain users password policy. What policy does it check?It is as if it checks the RSOP that affects the DCs. But DCs do not have local users. 🤔  Read More

​