Security Basics mailing list archives
Re: using Administrator-Account with empty password
From: "dupes Mothepu" <dupesm () gmail com>
Date: Tue, 3 Jun 2008 18:12:07 +0200
I think it all depends on what it is you're trying to achieve. A blank administrator password works for network access but isn't so useful for phsyical access. To remedy this, you can try the Deny Logon Locally and Log on Locally settings in your Local Security Policy. If you have Everyone in the the former then no one should be able to log onto your machine physically, not even administrators. If this is too extreme, then you could rather configure the latter one and set only a select few people who you want to be able to log on locally, removing the Administrators group from it. Just remember that deny rules supercede allow rules. So be careful that you don't have conflicting entries in the two settings. In this case I think the blank administrator password may work for you. my 2c. Molupe Mothepu Info Security Officer Lesotho Revenue Authority
Current thread:
- using Administrator-Account with empty password Scan_it (Jun 02)
- Re: using Administrator-Account with empty password Ansgar -59cobalt- Wiechers (Jun 02)
- RE: using Administrator-Account with empty password Craig Wright (Jun 03)
- Re: using Administrator-Account with empty password dupes Mothepu (Jun 03)
- Re: using Administrator-Account with empty password Scan_it (Jun 03)