Windows 2003 Server password requirments

Posted on 2006-03-22
Last Modified: 2010-04-18
I have just installed a new Windows 2003 Server.  It is in a workgroup model and have all the latest updates etc.  I have about 50 users on it some with passwords and some without.  Everything seems to work fine until this morning (Cheesy "dun dun dun" music heard in the background)

I created a folder on a drive and created a group and added 10 users to the group.  I then gave them full rights to the group and turned off the inherit flag. Then I went over and tried to logging each user in, the users with passwords set on the server got in just fine.  The users without passwords set got an access denied message.  If I look at their effective rights they say they have full access but they can't get in.  I have seen this before and the way I got around it was just adding passwords for these users...but I don't want to do that this time...I need to be able to let them have access without passwords.

Question by:stuart100

    Author Comment

    Forgot to add....

    The drive the folder is on is the share they have mapped....all users can get to the rest of the folders but the ones without passwords just can't access the folder I created with special permissions set.
    LVL 9

    Accepted Solution

    It's a new security policy for Windows Server 2003 that doesn't allow users without passwords to connect, other than at the console.

    Start | Run, type: gpedit.msc.  See:
    Computer Configuration
    Windows Settings
    Security Settings
    Local Policies
    Security Options
    Accounts: Limit local account use of blank passwords to console logon only
    LVL 4

    Expert Comment

    I don't have a solution for this. And i think microsoft disabled users on a folder with permissions without a password for security reasons.

    But ask yourself the question from a security point of view. Whats the point setting permissions on a folder if someone can login without a password.
    User A knows that user B doesn't have a password. User A logs in as user B and deletes all files. There is noway to check who has done what.

    Whats the point of setting permissions at all, why not make the folder public to everyone ? Apparently the data isn't that important since no password users are able to acces it and delete it.

    I would go for rights for everyone.

    Sorry if this comment isn't helpfull on your situation but i really think you should reconsider how to handle this problem.

    Question there must be a really good reason for you to let users have acces to your network without a password. I'm really curious as of why ?

    Author Comment

    First off....jebeckham
    Thanks that worked points are yours.

    Long story and I am not sure if I really care to dive into it all or for that matter if it is really any of your business...not to mention that fact I didn't ask for thoughts on my security structure.  I guess I will enlighten you a bit. We are a high production office that works many hours a day...(very limited time to make network server changes)  The department that this server belongs to has 7 other servers that their data is spread across.  This is all in a workgroup model.  In the past these users did not have passwords and we are planning on changing this. We are currently moving all that data one server at a time to a brand new server running 2003. (Pretty much one server per weekend)  Once all 7 are consolidated into 1 we plan on giving everyone a password and most likely going to a domain model.  Either way it made more sense to us, to consolidate first..set passwords and go from there.  Otherwise we have to visit each server and make password changes for each user repeatedly.  I believe we went with the best choice.  Most of our employees also have 10 or more years with us and we kind of trust them..(I know that is tough to believe or swallow.)  Let’s just say that by putting permissions on that folder I am just helping keep the honest people honest until stage two flips in.

    Now I know you will have ten other comments to say about this or easier ways to do it but frankly not sure stating those will help.  If I wanted comments about how to secure my servers I would have asked a question about the best security policies to put in place.  The fact is I didn't ask that question because I already know the answer and I am heading in that direction right now...but I guess you didn't know that before you made your post.


    Thanks again,
    LVL 4

    Expert Comment

    Sorry it isn't my bussiness. But i was really curious as of why someone would chose to go this way.

    Thank for your comment. Yesterday i coudn't think of 1 reason why someone would want this. I can see your point of view. I didn't think of this scenario :)
    Thanks again for taking the time to explain this to me.

    Goodluck with your project.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
    Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now