Page 9 - Password administration review-Guilford ES
P. 9
Emergency Services: Password Administration Review
SCHEDULE OF TEST RESULTS
Test Test Description Result
#1
We examined the Reviewed the Active Directory Upon reviewing the Active Directory
Active Directory default domain password policy and default domain password policy, we noted
default global noted the required password the following password parameters are
password policy parameters for all active users in the required:
for the guilford- guilford-es.com domain. • Password history: 12
es.com Active • Maximum password age: 180 days
Directory forest. Global Password Policy • Minimum password age: 0 days
• Minimum password length: 8
characters
• Password complexity: The
password complexity is set to
require at least 3 of the following
character types: upper case
characters (A-Z), lower case
characters (a-z), numbers (0-9),
special characters (!, $, %, etc.).
Test We examined all Reviewed all accounts in the We reviewed all accounts in the guilford-
#2 accounts in the guilford-es.com domain and es.com domain and noted there are a total
guilford-es.com inspected each account name for of 428 accounts as of 8/1/2019. Upon
domain for any duplicates. review, we noted there were no duplicate
duplicate account names.
accounts. Duplicate Accounts
Test We examined a Reviewed a sample of 25 users’ We received a listing of terminations for
#3 sample of 25 termination dates compared to the fiscal years 2018 and 2019 from Human
terminations in current status in the system along Resources and noted a total of 47
the ES with the last date of password reset. terminations during the period. Of those
department for 47 terminations, we randomly selected a
the period of Terminations sample 25 terminations for test purposes.
7/1/2018 – Of the 25 examined,
7/31/2019 (FY18, • 17 or 68% of the terminated users
FY19) to confirm were not present in the current listing
the terminations of active users in Active Directory.
did not possess • 7 or 28% of the terminated users were
access in the found in the current listing of active
system. users in Active Directory. Per inquiry
with ES Technical Support
Administrators, these individuals were
8
