Solved

blank local passwords

Posted on 2014-12-09
6
107 Views
Last Modified: 2015-01-03
Is there a GPO in server 2008 that I can use to remove any LOCAL user accounts with blank passwords or at a minimum give that account a password??


Please advise
0
Comment
Question by:Rbbedz1
  • 3
  • 2
6 Comments
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 500 total points
Comment Utility
You can very easily limit local accounts with blank passwords so that they can only log in at the console... no network access.  Does that help?

Otherwise, I think could probably define a startup script to find local accounts with blank passwords, and disable them.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
That script would do. But if we think of lazy local admins that simply re-enable the account and leave the password blank, you should add a password policy to your domain (which effectively works for local accounts, too). Then you could use another neat function that sets at least an 8-char-random password. You would apply that command to the usernames you found.
net user username /random

There are also powershell scripts that can set long random passwords, I could provide one if you need.
0
 

Author Comment

by:Rbbedz1
Comment Utility
I already have the limit local accounts with blank passwords so that they can only log in at the console... enabled
and I have a domain acct password policy in effect

What I was hoping to do was search for local accounts that have been setup and possibly with blank password.  I want to make sure that there are no local accts with blank passwords and change if there is

if you can send the ps script with instructions on how to run/use that would be greatly appreciated.

rbbedz1
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Rbbedz1
Comment Utility
tell me more about this "should add a password policy to your domain (which effectively works for local accounts, too). Then you could use another neat function that sets at least an 8-char-random password. You would apply that command to the usernames you found.
 net user username /random"


this sounds very intriguing..
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
"What I was hoping to do was search for local accounts that have been setup and possibly with blank password" - ...and that is exactly what Razmus provided. That script, did you try it?

Will come with more, soon.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now