Blank Passwords
Hi
Is there a way to discover how many users have blank passwords, because AD doesnt keep an actual record of passwords that we could read how does someone do a search through all the users to determine if they have a blank password
Any help would be great
Lee H
Is there a way to discover how many users have blank passwords, because AD doesnt keep an actual record of passwords that we could read how does someone do a search through all the users to determine if they have a blank password
Any help would be great
Lee H
.
Comments
-
RussS
Member Posts: 2,068 ■■■□□□□□□□
Not certain on that - however if you have a policy of 5 charachters or more blank passwords would not work.
I say 5 or more as anything less is about as useless as blank
www.supercross.com
FIM website of the year 2007 -
JDMurray
Admin Posts: 13,086 Admin
Even a blank password is still a password, and is therefore discoverable using a tool like Cain & Able (http://www.agrreviews.com/modules/mydownloads/singlefile.php?lid=16712). This tool is used by a lot of vulnerability assessment people to test the security of networks. It might be the solution to your problem. -
Slowhand
Mod Posts: 5,161 Mod
You can also use the Microsoft Baseline Analyser to scan a range of IP's to discover those kinds of weaknesses. It'll let you know if there are any blank passwords, weak passwords, and any other in-OS issues.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do.