3ef29cdc-8018-48a9-b210-13e18cf14d07
An account without a password can allow unauthorized access to a system as only the username would be required. Password policies should prevent accounts with blank passwords from existing on a system. However, if a local account with a blank password does exist, enabling this setting will prevent network access, limiting the account to local console logon only
To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Accounts: Limit local account use of blank passwords to console logon only to "Enabled".
Stig Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2022-08-25/finding/V-254446
2019 - https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-03-01/finding/V-205908 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93279
2016 - https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-03-01/finding/V-225025 / https://www.stigviewer.com/stig/windows_server_2016/2019-01-16/finding/V-73621
Stig Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-06-24/finding/V-253434
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220910 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220910
NIST 800-53:IA-5(1)
CSI CSC v7: 4.4
CMMCv2: AC.2.016