Meaning of DumpSec PswdRequired = No

  • Thread starter Thread starter Petr Kazil
  • Start date Start date
P

Petr Kazil

I'm doing a security quickscan using DumpSec and I get a lot of users where
"PswdRequired = No".

I always like to doublecheck such results and I tried to recreate such an
account on my Win2K testsystem. But I can't replicate this setting on my
testsystem. Making a user with a blank password still leads to a setting of
"PswdRequired = Yes". Playing around with settings like "User must change
password at next logon" and the other ones, doesn't influence the setting.
Where do I find the button to make an account with this property?

On my testsystem the default accounts like Guest, IUSR and IWAM have the
setting "= Yes". Is this only something that works for default or system
accounts? Or for accounts that have been automatically migrated from Windows
NT? Any further ideas?
 
On Fri, 10 Oct 2003 16:12:09 +0200, Petr Kazil wrote
I'm doing a security quickscan using DumpSec and I get a lot of users where
"PswdRequired = No".
Click to expand...

This is equivalent to the property flag PASSWD_NOTREQD
http://support.microsoft.com/?kbid=305144
I always like to doublecheck such results and I tried to recreate such an
account on my Win2K testsystem. But I can't replicate this setting on my
testsystem. Making a user with a blank password still leads to a setting of
"PswdRequired = Yes". Playing around with settings like "User must change
password at next logon" and the other ones, doesn't influence the setting.
Where do I find the button to make an account with this property?

On my testsystem the default accounts like Guest, IUSR and IWAM have the
setting "= Yes". Is this only something that works for default or system
accounts? Or for accounts that have been automatically migrated from Windows
NT? Any further ideas?
Click to expand...

Some scripts or batch files used to create accounts may set "PswdRequired =
No" as a default when creating accounts.

Open a CMD prompt and type
net help user
[ENTER]

or see
http://support.microsoft.com/?kbid=251394

For example
NET USER TestUser p@ssw0rd /PASSWORDREQ:NO /ADD

should create an account that DumpSec will report as "PswdRequired = No"

Authenticated Users by default have the necessary permissions to change the
PASSWD_NOTREQD property flag. So users or help desk may have changed the
flag inadvertently with a script or tool.

Matt Scarborough 2003-10-12
 
Back
Top