Re: blank password in W2K Pro workstation even when policy set

From: Steven L Umbach (
Date: 11/16/05

Date: Wed, 16 Nov 2005 10:33:44 -0600

I have heard about this behavior more than a few times so I just tested it
out on a W2K SP4 computer of mine. I was able to get password policy to work
and I specifically enabled password complexity and set the minimum password
length to seven characters. When I tried to add a user with a blank or less
than prescribed password I was not allowed to. What I did do is to run the
command secedit /refreshpolicy machine_policy /enforce to make sure that the
security policy was applied or a reboot should do the same thing. On your
computer run the command net accounts to see what it shows and also check
the password policy settings in Local Security policy to make sure that the
local setting and effective setting are the same which it should be after a
forced GP refresh or reboot. --- Steve

"kasommer" <> wrote in message
> previously mis-posted to the VPC group......
> I'm trying to work with some folks who are being required to lock down
> their
> Win2K workstations. The guidelines however were written as though the
> workstations were on a domain and not standalone.
> The real kicker is that after setting local password policies such as min
> length, complexity etc, the local admin can create a new user account with
> a
> blank password via "Users and Passwords". And yes, "Require users to logon
> with a password" is checked.
> I've been able to recreate this with a Virtual PC load Win2K SP3 and SP4.
> With the local pocily set to a minimum length of 8 characters and
> copmlexity
> rules turned on I'm able to create a user with a blank password.
> I didn't think that would be allowed by that policy. Ideas???
> Suggestions??
> thanks,
> Kim