Accounts without passwords (Windows)

Module: Password Strength

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports user accounts that can be accessed without entering a password. Use the name list to specify which users the check excludes or includes. This check is currently not supported on Itanium-based and 64-bit server systems.

The following table lists the error messages for the check.

Table: Error messages for Accounts without passwords

Table columns: Message String ID and Category; Platform and Message Numeric ID; Message Title and Description; Additional Information

String ID: ESM_PASSNOUSERPASS

Category: Policy Compliance

  • Windows 2000 (105338)

  • Windows 2003 (205338)

  • Windows 2008 (248338)

  • Windows Vista (228338)

  • Windows XP (200338)

Title: No password

Description: This account does not have a password. Anyone who knows this user name can access this account. Immediately assign a secure password to the account. Instruct the account owner to log on using the assigned password, and then to change the password. A secure password should have six to eight characters with at least one non-alphabetic character. A secure password should not match an account or host name, and should not be found in any dictionary.

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESM_DISABLED_PASSNOUSERPASS

Category: Policy Compliance

  • Windows 2000 (105343)

  • Windows 2003 (205343)

  • Windows 2008 (248343)

  • Windows Vista (228343)

  • Windows XP (200343)

Title: No password on disabled account

Description: This disabled account does not have a password. This can be a security problem if the account is re-activated. Immediately assign a secure password to this account or remove it. A secure password should have six to eight characters with at least one non-alphabetic character. A secure password should not match an account or host name, and should not be found in any dictionary.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]