One of the coolest features with Windows XP is how it handles blank passwords. This is a useful fail-safe against local SAM accounts with blank passwords. ... Limit local account use of blank passwords to console logon only; Accounts: Rename administrator account; However, if a local account with a blank password does exist, enabling this setting will limit the account to local console logon only. The Accounts: Limit local account use of blank passwords to console logon only policy setting determines whether remote interactive logons by network services such as Remote Desktop Services, Telnet, and File Transfer Protocol (FTP) are allowed for local accounts that have blank passwords. Accounts: Limit local account use of blank passwords As the name implies, this policy only has effect on local SAM accounts; it does prevent domain accounts with blank passwords from logging on. Fix: Account Restrictions are Preventing this User from Signing in. The password policy should prevent this from occurring. By default, blank passwords aren't allowed for network login. Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon …

This is a Category 1 finding because no accounts with blank passwords should exist on a system. If you want more information about what this will do, click on the Explain tab in that window.

Accounts: Administrator account status.

This policy is found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options and the default value of this setting is Enabled. Home Help Search CVE Vulnerability Database Browse. STEP 4. Once disabled, user account with blank or null passwords can now login remotely via Remote Desktop Connection client instead of just able to do so via local console.

OVAL Objects OVAL Sources By Release Dates. The Accounts: Limit local account use of blank passwords to console logon only policy setting determines whether remote interactive logons by network services such as Remote Desktop Services, Telnet, and File Transfer Protocol (FTP) are allowed for local accounts that have blank passwords. Password policies should prevent accounts with blank passwords from existing on a system. log on with Microsoft accounts' (Scored).....136 2.3.1.3 (L1) Ensure 'Accounts: Guest account status' is set to 'Disabled' (Scored)..138 2.3.1.4 (L1) Ensure 'Accounts: Limit local account use of blank passwords … Open Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only. Locate Accounts: Limit local account use of blank passwords to console logon only policy, and set its value to Disabled. Change it to “Disabled” and press OK. Go to “Local Policies” -> “Security Options” and double-click on “Accounts: Limit local account use of blank passwords to console logon only”.

The obvious solution is to set a password for the account, another solution is to change the setting below. Click Disabled, and then click OK. Quit Group Policy Editor. To change this, modify the relevant setting in the Local Security Policy MMC snapin.