W2kpro won't keep blank password

  • Thread starter Thread starter Joe Price
  • Start date Start date
J

Joe Price

I have a couple of customers who have run into this
problem.

We have a user account set up to allow all machines on the
network to access shares. This account has a blank
password. Even though the Password Never Expires box is
checked, the password has to be reset now and then
(approximately 45 days, best I can guess)

Security is not an issue with either of these customers
and both have proprietary business software that requires
a common username to be able to use it.

Both networks are peer to peer and have a mix of 9x / 2k /
xp.

I've checked technet and the knowledge base and can't find
anything.

What "obvious" setting am I overlooking ??

Thanks in advance.

Joe Price
Price Technology
 
The password never expires box is supposed to keep account from needing to
be changed. I would also check that the password cannot be changed to
prevent a user from changing it which will not prevent an administrator from
resetting it. Another thing to check is in Local Security Policy/account
settings/password policy/maximum password age. Set it to zero and then run
secedit /refreshpolicy machine_policy /enforce. A zero setting means the
password will not expire. --- Steve
 
Do you have the "require users to use username and
password for this computer" in the >>Control Panel>>Users
and Groups checked or unchecked? You might try the
uncheck. Otherwise, it sounds like you have a correct
setup. Just confirm that the password never expires and
make sure a password policy is not overriding that. In a
clean Win2k setup, that is all there is too it. I run a
win2k/98/xp peer to peer, and I have a similar setup, but
use different usernames and passwords. There may be a
conflict with using identical usernames in a peer to peer
network, since security is being controlled for local and
network use with an identical username. Just a hunch.

Also try checking to see that you have your resources
shared to everyone or not. You might remove the everyone
and just add the particular user. I believe this then
shows up as an actual usernamed resource accessed instead
of an IPC connection in Administrative Tools>>Shared
Folders>>Open Files. It is much easier to track users that
way. You might also check >>IE>>Tools>>INternet
OPtions>>Security>>Local Intranet>>Custom Level>>

then the last radio button has an option for logon types

You might try changing those.

There is also a ICF built into XP which doesn't usually
allow peer sharing.

Just a few suggestions on where to try to experiment.
There is a nice tool from sysinternals that operates in
the command line called pstools. It allows you to view who
is logged on remotely and locally on a particular machine.
If you like command, this is for you. I have only tried it
on Win2k.

------ain't windows great-----:)
 
Back
Top