Password requested

WinXP with SP2, no problems in use for 18 months or so,
configured for one Administrator (with password) and one
ordinary user (no password.) An anomaly now occurs (twice
in 10 days) requesting a password for User login. Simple
CR does not work. Rebooting works, i.e. enables User
login directlly, with no request for password.

This is by itself no problem: but does it point to some
future problem?
--
Don Phillipson
Carlsbad Springs
(Ottawa, Canada)

Don Phillipson wrote:

WinXP with SP2, no problems in use for 18 months or so,
configured for one Administrator (with password) and one
ordinary user (no password.) An anomaly now occurs (twice
in 10 days) requesting a password for User login. Simple
CR does not work. Rebooting works, i.e. enables User
login directlly, with no request for password.

This is by itself no problem: but does it point to some
future problem?

Looks like we have to make some guesses here, which a

- The "anomaly" occurs on the "ordinary user" account that has no
password.

- The "anomaly" occurs during the login to the "ordinary user" account.

- That auto-login is NOT used to automatically log into the "ordinary
user" account. This requires a non-blank password (so something can
actually be automatically entered at login).

- That the "ordinary user" account is not in the Administrators group
(i.e., that it is a Limited or Power user account).

- That the user is logging onto a local account and not under a domain
account.

Same thing happen when you boot into Safe Mode for Windows?

What happens if you do NOT use a blank password? Try changing the
password to a non-blank string.

Have you check the "ordinary user" account does not expire its password?
Run the Local User and Groups policy editor (lusrmgr.msc), Users node,
and look at the properties for the "ordinary user" account.

http://www.theeldergeek.com/blank_pa...ork_access.htm

Is this host used at both home and work? That is, is it, say, a laptop
that the user takes back and forth from home? If so, are they selecting
the proper network in the drop-down listbox on the login screen to
ensure that when at work they are logging onto the domain and when at
home they are not (and so are logging on locally)?


Note: While some users claim that a blank password reduces security,
that is true only at the host itself but actually improves security
regarding remote access to that host. If you decide to change this
"ordinary user" to have a non-blank password, be sure it is a STRONG
password. Read:

http://www.labnol.org/software/tutor...-attacks/2517/
http://www.microsoft.com/protect/you...rd/create.mspx

The flip-side is that if you are their tech that needs to help the user
remotely (using RDP, LogmeIn, TeamViewer, VNC, or whatever) then you
can't connect when they have a blank password for their accounts,
including the Administrator account. Since you said the Administrator
account has a non-blank password, make sure it is a STRONG password.

Also, scheduled tasks cannot run using an account that has a blank
password. Something to think about should the user (or admin) decides
to run scheduled tasks under that account. Many anti-virus or other
security programs utilitize the Task Scheduler service to run their
scheduled scans.