How to configure the use of blank passwords when accessing one computer from another
The default security policy in Windows XP Professional and Windows 2003 restricts the use of accounts which have a blank password.
Sophos does not recommend the use of blank passwords (no password) or weak passwords. Strong passwords are a vital part of network security. A strong password is one that:
- is at least seven characters long
- contains a mixture of letters, numerals and symbols
- does not contain a commonly used word or name.
If for some reason it is necessary for you to use an account with a blank password to log on over a network, this article describes how you can configure the security policy to do this.
What to do
Windows XP Professional, Windows 2003 member server
To enable the use of blank passwords
- select Start|Control Panel|Performance and Maintenance|Administrative Tools|Local Security Policy
- select Local Policies|Security Options|Limit local account use of blank passwords to console logon only
- select 'Enabled'
- click 'OK'.
Windows 2003 domain controller
To enable the use of blank passwords
- select Start|Control Panel|Administrative Tools|Domain Controller Security Policy
- de-select 'Local Policies|Security Options|Limit local account use of blank passwords to console logon only'
- enable 'Define this policy setting:'
- select 'Enabled'
- click 'OK'.
If you need more information or guidance, then please contact technical support.
- Article ID: 10471
- Created: 5 Mar 2004
- Last updated: 17 Nov 2005
