Hi,
I've noted that there are user accounts in Active Directory with Password-Not-Required (https://docs.microsoft.com/en-us/windows/win32/adschema/a-useraccountcontrol) value equals to "true". Does this mean that the user can log on without a password? Does this override Group Policy for account logons?
Thank you,
Kervin
@KervinPaulRVinluan-0523
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.
Yes, this can override group policy and make it so that your accounts do not have passwords required. This can cause a security gap, but you can easily fix it by querying for the accounts that have "Password-Not-Required" = true and switching the setting to false.
First, you can get the list of all user accounts that do not require a password:
Get-ADUser -Filter {PasswordNotRequired -eq $true}
Then you can correct the accounts using:
Get-ADUser -Identity User2 | Set-ADUser -PasswordNotRequired $false
https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-aduser?view=win10-ps
Hi @MarileeTurscak,
Can you share a documentation or examples of how this can cause a security gap?. How this scenario can override Group Policy for account logons?
Thanks in advance.
https://docs.microsoft.com/en-us/archive/blogs/russellt/passwd_notreqd
Is there a way to change the native behaviour of pre-staged computer accounts to prevent computer accounts from having the option to have blank passwords?
101 people are following this question.
