• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 138
  • Last Modified:

Domain user logs in with blank password

I am trying to figure out what is going on. There is a domain user 'mgruser' in Active Directory. All the computers that are joined to the domain here at our store, get the ctrl-alt-del screen and login as username 'STVINCENTDEPAUL\mgr' and then no password in the password box. Then enter. They are able to log into the domain just fine.

I guess I'm wondering how this is done? Would this be done by a policy on these computers or is this a group policy? When I go to the 'profile' tab of the 'mgruser' in AD, there is a login script called 'SBS_LOGIN_SCRIPT.bat'. But for the life of me, I cannot locate this .bat file anywhere. I checked in the usual directory where login scripts are stored and found this hidden directory but there is not .bat file inside of it. C:\Windows\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

I'm not sure where the 'SBS_LOGON_SCRIPT.bat' is located? These login credential of 'Mgr' and no password are used for all our POS workstations/registers.  

Thank you in advance!
0
Margaret Ausloos
Asked:
Margaret Ausloos
1 Solution
 
arnoldCommented:
\\domainname\netlogon is where the AD user login scripts are kept
sysvol is where the GPO's and their scripts are stored.

A login script is not what allows the user to login, it is run after a successful login.

Likely you have a GPO that altered the settings on systems to allow logins without a password.
Alternatively, the systems might be configured with auto-login option i.e. the username/password is stored in the registry HKLM\software\microsoft\windows NT\winlogon
0
 
MacleanSystem EngineerCommented:
This is very bad practice, and highly insecure which is probably very obvious. But you can set the password policy on group policy editor. There are various articles online giving guidance on how to configure PW policy such as the below random example which I googled.

http://www.grouppolicy.biz/2011/08/tutorial-how-to-setup-default-and-fine-grain-password-policy/

I would highly recommend avoiding blank PW logons, as any security auditors will have a field day if the company gets audited by investors eager to keep their business secured, but in the end its a business decision, so have a look at the url, and I hope it helps.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now