PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Accounts: Local accounts with blank passwords must be restricted to prevent access from the network

3ef29cdc-8018-48a9-b210-13e18cf14d07

An account without a password can allow unauthorized access to a system as only the username would be required. Password policies should prevent accounts with blank passwords from existing on a system. However, if a local account with a blank password does exist, enabling this setting will prevent network access, limiting the account to local console logon only

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Accounts: Limit local account use of blank passwords to console logon only to "Enabled".

Stig Server:
2022: https://stigviewer.com/stigs/microsoft_windows_server_2022/2022-08-25/finding/V-254446
2019: https://stigviewer.com/stigs/microsoft_windows_server_2019/2022-03-01/finding/V-205908

Desktop:
W11: https://stigviewer.com/stigs/microsoft_windows_11/2022-06-24/finding/V-253434
W10: https://stigviewer.com/stigs/microsoft_windows_10/2022-04-08/finding/V-220910

NIST 800-53:IA-5(1)
CSI CSC v7: 4.4
CMMCv2: AC.2.016

More info: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only



Tags

stig-high-server stig-medium-desktop desktop server bestpractice-server bestpractice-desktop compliance-desktop compliance-server security-desktop security-server cis-csc-desktop cis-csc-server nist800-53-desktop nist800-53-server cmmc2-l2-desktop cmmc2-l2-server tisax

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.