Detections
Analytics
WN25-SO-000020 - Windows Server 2025 must prevent local accounts with blank passwords from being used from the network.
Information
An account without a password can allow unauthorized access to a system as only the username would be required. Password policies must prevent accounts with blank passwords from existing on a system. However, if a local account with a blank password does exist, enabling this setting will prevent network access, limiting the account to local console logon only.Solution
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Accounts: Limit local account use of blank passwords to console logon only to 'Enabled'.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2025_V1R1_STIG.zip
Item Details
Audit Name: DISA Microsoft Windows Server 2025 STIG v1r1
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-278196r1181294_rule, STIG-ID|WN25-SO-000020, Vuln-ID|V-278196
Plugin: Windows
Control ID: 3bdb51ca3509f43d1ead9166946220decd504f326ff21967d96d63c5073600a0