The Exception to the Security Rule of Thumb

When it comes to security, the rule of thumb is to find ways to tighten it. But recently I came across a situation in which I needed to loosen Windows Server 2003's default security settings. By default, a client can't connect to a shared folder on a Windows 2003 server when the account attempting to connect has a blank password. Due to a situation with special circumstances, I was required to set up a shared folder and grant access to an account with no password. (The server and client in question were in a workgroup, not a domain, so password synchronization might have been the reason why a password couldn't be set up for that account.) Thus, I had to find a way to let a Windows XP machine connect to the Windows 2003 share without a password.

With a little digging, I discovered a Group Policy setting that controls whether a password is necessary. Under the appropriate Group Policy Object (GPO) in Windows 2003, you navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. By default, the Accounts: Limit local account use of blank passwords to console logon only option is set to Enabled on a fresh Windows 2003 installation. By changing this setting to Disabled, a client can connect to a share without a password.

I hope this tip might be of use to fellow readers. Although disabling the Accounts: Limit local account use of blank passwords to console logon only option loosens security, it's still better than enabling the Guest account and assigning it permissions to the shared folder.

—Dorin Dehelean
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.