What is “Security Risk” rating?
The security risk is generated by looking at certain factors when analyzing each account, such as:
• Membership of an elevated group
• Password Set to Never Expire
• Time since last password change
If your account is a member of the group domain admins, administrators, account operators etc. it will receive a “score”. If the password is set to “never expire” it receives another score, and then depending on when the password was last set, it will have a third “score”. These scores are then totaled and converted to the graphical representation that is displayed.
For example, take “being an admin”, having PasswordNeverExpires set, and the password not being changed for a while (1 year or more gives max “score”): any admin account with neverExpires that hasn't changed its password in one year or more should get the max “score”.
It is a calculated value between 0 and 100 indicating how much of a security risk a user account poses. The value is calculated as follows:
Admin account +50
Password never expires +30
Password last set +0-20, 20 being 1 year+
Other accounts:
Password never expires +20
Password last set +0-10, 10 being 1 year+
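
The calculation above, as an added Python sketch (not the product's own code). The `Account` record, the sample accounts and the linear scaling of the password-age score below one year are assumptions; the page gives only the end points (0 and the maximum at 1 year+).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Groups the page names as elevated; its list ends in "etc.", so this set is partial.
ELEVATED_GROUPS = {"domain admins", "administrators", "account operators"}
MAX_AGE_DAYS = 365  # "1 year+" earns the full password-age score


@dataclass
class Account:  # hypothetical record, not the product's data model
    name: str
    groups: set
    password_never_expires: bool
    password_last_set: datetime


def risk_score(acct, now):
    """Return the 0-100 security risk score using the weights listed on the page."""
    is_admin = any(g.lower() in ELEVATED_GROUPS for g in acct.groups)
    # (membership score, never-expires score, maximum password-age score)
    base, never_expires, age_max = (50, 30, 20) if is_admin else (0, 20, 10)
    age_days = max((now - acct.password_last_set).days, 0)
    # Assumption: the age score grows linearly up to one year, then stays at the cap.
    score = base + age_max * min(age_days, MAX_AGE_DAYS) // MAX_AGE_DAYS
    if acct.password_never_expires:
        score += never_expires
    return score


def report(accounts, now):
    """Highest-risk accounts first, as (score, name) pairs."""
    return sorted(((risk_score(a, now), a.name) for a in accounts), reverse=True)


NOW = datetime(2024, 1, 1)  # constructed reference date
SAMPLE = [  # constructed accounts for illustration
    Account("svc-backup", {"Domain Admins"}, True, NOW - timedelta(days=900)),
    Account("bob", {"Account Operators"}, False, NOW - timedelta(days=182)),
    Account("carol", {"Domain Users"}, True, NOW - timedelta(days=400)),
    Account("alice", {"Domain Users"}, False, NOW - timedelta(days=73)),
]

if __name__ == "__main__":
    for score, name in report(SAMPLE, NOW):
        print(f"{name:12} {score:3}")
```

Under these weights a non-admin account tops out at 30, so anything above that in the report is a member of an elevated group.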