Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: UF_PASSWD_NOTREQD user account flag

from [dave kleiman] Network Security [Permanent Link]
Subject: RE: UF_PASSWD_NOTREQD user account flag
Date: Wed, 16 Mar 2005 13:43:58 -0500 
Petr,


can anybody here explain the real meaning of
UF_PASSWD_NOTREQD flag of Windows user account?


It means password not required, or from the GUI's setting your minimum
password length to "0".

I've found

bunch of user accounts in W2K domain with this flag set; when
I've tried to perform interactive or network logon with them,
it failed.


You can still have that flag set, yet have other policies/security options
that require accounts to have passwords to be able to log in i.e. the
setting "Limit local account use of blank password to console" and remember
by default most remote (TS, RDP, Remote Registry, Telnet) services require
passwords.

 I've found no descriptive documentation besides of

vague "password not required" statement. My questions are:
-- what's the actual meaning of this flag?


It really really means no password required, it does not mean that some
other policy setting might not override it.


-- are there some circumstances under which it is possible to
logon to account with this flag set (without password)?


Yes it is possible.  Local on a box if the security policy allows it or
turning off the no blank password requirement of some service etc.



Thanks for any info and/or reference.




Dave Kleiman

www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: UF_PASSWD_NOTREQD user account flag, Matt
Next by Date:  RE: UF_PASSWD_NOTREQD user account flag, Wozny, Scott (US - New York)
Previous by Thread:  RE: UF_PASSWD_NOTREQD user account flag, Brady McClenon
Next by Thread:  Re: UF_PASSWD_NOTREQD user account flag, Petr Merta
Indexes:  [Date] [Thread] [Top] [All Lists]