Security report for blank passwords

We are performing a security audit and searching for a tool that can check logins on local windows servers and workstations for blank passwords. Ideally, we would like this tool to 1) perform on multiple remote machines, 2) have the ability to output to a report or something that can be converted to csv  format. I assumed that a powershell command would work, but i have not found one yet. Any suggestions are welcomed. Thank you.
howard temproSystems AdministratorAsked:
Who is Participating?
 
btanExec ConsultantCommented:
For info, possible PS
Get-ADUser -Filter * -SearchBase "OU=SomeOU,DC=mydomain,DC=forest,DC=local" | ForEach {
   $_.SamAccountName
   (new-object directoryservices.directoryentry "", ("domain\" + $_.SamAccountName), [b]""[/b]).psbase.name -ne $null
   Write-Host ""
}

Open in new window

This will test all users for a blank password. Alternatively - a test password e.g "password123" used by all users:
(new-object directoryservices.directoryentry "", ("domain\" + $_.SamAccountName), [b]"password123"[/b]).psbase.name -ne $null

Open in new window

And another language shared in http://travisaltman.com/scan-for-blank-admin-passwords-without-commercial-software/

Another PS script
If the PASSWD_NOTREQD flag is set in the userAccountControl attribute, the corresponding user account can have an empty password, even if the domain password policy disallows empty passwords.
https://4sysops.com/archives/find-ad-users-with-empty-password-passwd_notreqd-flag-using-powershell/
0
 
EirmanChief Operations ManagerCommented:
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
This is for AD but same concept applies. 31d6cfe0d16ae931b73c59d7e0c089c0 is NTLM hash for blank password
https://www.experts-exchange.com/articles/29569/How-to-extract-hashes-from-IFM-backup.html
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
McKnifeCommented:
Please acknowledge that searching for logons with blank passwords is rather odd. It's better to look for accounts with blank passwords.
The old tool "Microsoft baseline security analyzer" can do just that and it works via network.
0
 
howard temproSystems AdministratorAuthor Commented:
Thank you all for your feedback. I am in the process of testing these solutions and will update this post with details.
0
 
McKnifeCommented:
Just an info to remind anyone: answers taken from other sites should be referenced. Answers taken from other Q&A sites are not even allowed.

@author: please return and close the question yourself and don't wait for moderators to do that. It is so much more polite and appreciated.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- btan (https:#a42461043)
-- McKnife (https:#a42461418)
-- Shaun Vermaak (https:#a42461407)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.