DeviceMachinePasswordChangeRate

Setting the policy specifies in days how often a client changes their machine account password. The password is randomly generated by the client and not visible to the user. Disabling this policy or setting a high number of days can negatively impact security, because it gives potential attackers more time to find and use the machine account password. Leaving the policy unset means the machine account password is changed every 30 days. Setting the policy to 0 turns off machine account password change. Note: Passwords might get older than the specified number of days if the client has been offline for a longer period of time.