Local accounts and Group Policy

Group Policy can be a minefield and some policy settings are best left unchanged. A good example of this is the following policy setting:

Accounts: Limit local account use of blank passwords to console logon only

This policy is found under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options and the default value of this setting is Enabled. That means any local user accounts on your machine that have blank passwords cannot be used to remotely access your machine from over the network, and this is good as it helps defeat certain kinds of network attacks against your machine.

This is one policy you shouldn’t change, and yet people often do this for various reasons, usually to get some remote app running with no password to make it easier to use. Bad idea! If you need to disable this policy in order to make a program work, you probably shouldn’t be using that program in the first place.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top