Microsoft KB Archive/102378

= Blank Password Avoids Change/Uniqueness Protections =

Article ID: 102378

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Advanced Server 3.1
 * Microsoft Windows NT Workstation 3.1
 * Microsoft Windows NT Advanced Server 3.1

-



This article was previously published under Q102378





SYMPTOMS
If the administrator creates a new account but doesn't enter a password, the "User Must Change Password at Next Logon" check box doesn't seem to work: when you next logon, Windows NT asks for a new password but will accept a blank password.



CAUSE
Even when a password history is in effect, you can still change your password from a blank password to a blank password. The password uniqueness setting should not allow this.

Blank passwords are not stored in the password history, so you can change your password to a blank password at any time -- even if you used a blank password more recently than the password uniqueness setting is supposed to allow.

Steps to Reproduce Behavior

 * 1) Create a new user without entering a password.
 * 2) Choose User Must Change Password.
 * 3) Logon as that user. You are asked to enter a new password.
 * 4) At the prompt to enter a new password, choose OK.

Windows NT responds that the password is successfully changed. In reality, you still have a blank password.

Additional query words: prodnt

Keywords: kbother KB102378

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.