General discussion


blank password accepted by win 2k

By iso

Password is set on NT4 for user. User logs on and is prompted to change password. User leaves password blank on initial and confirmation. Win2k accepts password.

How can you prevent users from using blank passwords?


blank password accepted by win 2k

by Joseph Moore In reply to blank password accepted b ...

Depends. Is this a stand-alone Win2k machine, or is it a part of the domain? If a part of the domain, is it a member of a NT4 domain, or a Win2K Active Directory domain? These specifics make a difference.
The reason, though, is the "Minimum Password Length" permission is set to 0. When you do not specify how long passwords must be, then users can have a blank password. Unfortunately, having a minimum length of 0 is the default setting. You have to change it.

So, to do so depends on the domain membership and its structure. But, for an example, I am going to assume that the Win2K box is a member workstation of a NT4 domain.
To set the password length, go to your PDC and open up User Manager for Domains. Click Policies -> Account.
You are gonna see a bunch of password and account settings. There is a section called Minimum Password Length, with 2 options below it: Permit Blank Password and At Least X Characters.
Select At Least X Characters, and change the radial to a minimum number you want passwords to be. If you want your network to be somewhat secure, I recommend 8 characters. Click OK.
Now, this sets so that any new passwords added must be at least X characters in length (to whatever number you choose).


blank password accepted by win 2k

by Joseph Moore In reply to blank password accepted b ...

Part II

Unfortunately, this does not affect CURRENT passwords. The user with the blank password still can use his blank password.
This user must be forced to change his/her password. To do that, you can turn on Password Expiration. Open up the Policy -> Account window again. There is the Maximum Password Age, with a couple of options. Select Password Expires in XX Days, and select how many days you want to go by before the passwords expire (I keep my network at 30 days, but I think Windows uses 42 days as the default).
Good. Now, all users' passwords will expire in XX days, and when they do, they will have to make a new password that is at least X characters in length, from what you set it to before.
Now the last thing is to make sure no users (especially the user with the blank password) have the option "Password never expires" checkbox selected in their user profile. If they do have this checkbox checked, then their password will not expire in XX days. So, go through the accounts and unselect this checkbox if checked.

There are other password and account options you can look at, plus other things (PASSFILT, the password security filter) to make your user accounts a lot more secure.

Hope this helps.
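
An added example, not part of the posts above: a Python check that reads the text printed by the `net accounts` command and flags the two account-policy settings the replies discuss. The sample output is constructed, the thresholds of 8 characters and 30 days are the values mentioned in the replies, and `parse_net_accounts` and `audit_policy` are names chosen for this example.

```python
import re

# Constructed sample of `net accounts` output for a machine still on the
# defaults described in the thread (minimum length 0, maximum age 42 days).
SAMPLE_DEFAULT = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Computer role:                                        WORKSTATION
The command completed successfully.
"""

def parse_net_accounts(text):
    """Return {setting name: value string} from `net accounts` output."""
    settings = {}
    for line in text.splitlines():
        # Each setting is "name:" followed by padding and the value.
        m = re.match(r"^(.*\S)\s*:\s{2,}(\S.*)$", line)
        if m:
            settings[m.group(1).strip()] = m.group(2).strip()
    return settings

def audit_policy(text, min_length=8, max_age_days=30):
    """List findings against the values recommended in the thread."""
    s = parse_net_accounts(text)
    findings = []
    length = s.get("Minimum password length")
    if length is None or not length.isdigit():
        findings.append("minimum password length not found")
    elif int(length) == 0:
        findings.append("blank passwords permitted (minimum length 0)")
    elif int(length) < min_length:
        findings.append(f"minimum length {length} is below {min_length}")
    age = s.get("Maximum password age (days)")
    if age is None:
        findings.append("maximum password age not found")
    elif not age.isdigit():  # e.g. "Unlimited": no expiry is enforced
        findings.append(f"passwords never expire ({age})")
    elif int(age) > max_age_days:
        findings.append(f"maximum age {age} days exceeds {max_age_days}")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_DEFAULT):
        print("FINDING:", finding)
```

The per-user "Password never expires" checkbox does not appear in this output and still has to be reviewed account by account.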
