passwords and versions

Posted on 2011-03-02
Medium Priority
Last Modified: 2013-11-05
With basic domain user privelelges (i dont have local admin or domain admin), is there any way to check the version of a server in my domain, i.e. win2k, server 03, server 08 etc? And also, I am told there are local accounts on this server with blank passwords, is there any way from the command prompt to test if these users passwords really are blank? I dont want to RDP onto it. The servers are either win2k or server 2003. Is it possible to even have blank passwords on local accounts on win2k or server 2003?
Question by:pma111

Assisted Solution

AlexDemel earned 140 total points
ID: 35016365
using active directory users and computers, you could right-click on the computer object of your server and see the operating system version and service pack level at the "operating system" tab.
LVL 11

Accepted Solution

Tasmant earned 180 total points
ID: 35016403
you could use the following query to retrieveall the servers in your domain:
dsquery * -limit 0 -filter "(&(objectCategory=Computer)(objectClass=User)(operatingSystem=*Server*))" -attr samaccountname operatingSystem operatingSystemVersion

for blank passwords, i don't think, it relies on your default domain policy, (you can read it with normal account), but if it permits blank password, it's really not secure.


Author Comment

ID: 35016410
I meant a local account on a member server not a domain account
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!


Author Comment

ID: 35016712
surely surely there must be a NET command or similar to check if a local account on a server has a blank password?
LVL 11

Expert Comment

ID: 35016870
I've understood your question, but local accounts relies on the domain passwords policy too, as soon are they member of the domain.

Author Comment

ID: 35016922
Does it?

That doesnt add up, as many many of our local accounts have passwords that are less (in lenght) than the domain policy which stipulates 10.

So in many cases as builds are based on an image, the local administrator account has a password that is only 8 characters long.

Assisted Solution

jesaja earned 180 total points
ID: 35047313
I haven't used it but Microsoft Baseline Security Analyzer will scan for week passwords


if the server is joined to a domain the domain password policy will not get applied to local accounts unless the password is changed
so empty local passwords could still exist

on 2008 the default security settings are much better then in older versions

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question