Administrator has no password

Risk Level: High

Check or Attack Name: adminnopw

Platforms: Windows NT

Description:

An Administrator account with no password has been detected. Some vendors ship Windows NT pre-installed with no password on the Administrator account. An attacker could use the Administrator account to gain unlimited access and take control of the host. The attacker also has access to other systems where this Administrator account is valid. If the Domain Administrator account is compromised, then the attacker has unlimited access to every workstation in the domain.

Remedy:

Set a minimum password length of seven characters and change the Administrator password.

To set the minimum password length, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the Administrator account.
  3. From the Policies menu, select Account to display the Account Policy dialog box.
  4. For the Minimum Password Length, require a minimum length of at least seven characters.
  5. Click OK.
  6. From the User menu, select Properties to display the User Properties dialog box.
  7. Type and confirm a non-trivial password.
  8. Click OK.

—AND—

For maximum password security, apply the passfilt.dll password filter to reduce guessable passwords.
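The rules the Remedy asks for can be checked before a password is accepted. The following is an added example, not ISS/X-Force code and not passfilt.dll itself: it re-implements the remedy's requirements (no blank password, at least seven characters) together with the complexity rules Microsoft documents for passfilt.dll in Q161990 (characters from at least three of four classes; no user name or part of the full name). The function names, the sample accounts, the use of ASCII punctuation as the "non-alphanumeric" class and the full-name tokenising are this example's own assumptions.

```python
"""Password-policy check modelled on the Remedy above (added example)."""
from dataclasses import dataclass, field
import string

MIN_LENGTH = 7     # remedy: minimum password length of seven characters
MIN_CLASSES = 3    # passfilt.dll (Q161990): characters from at least three of four classes
MIN_NAME_PART = 3  # assumption: ignore full-name tokens shorter than this (e.g. initials)


@dataclass
class Finding:
    user: str
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def character_classes(password: str) -> int:
    """Count how many of the four passfilt.dll character classes the password uses."""
    checks = (
        string.ascii_uppercase,   # English upper-case letters
        string.ascii_lowercase,   # English lower-case letters
        string.digits,            # Westernised Arabic numerals
        string.punctuation,       # non-alphanumeric (assumption: ASCII punctuation)
    )
    return sum(1 for cls in checks if any(c in cls for c in password))


def name_parts(user: str, full_name: str) -> list:
    """User name plus each whitespace-separated token of the full name, lower-cased."""
    parts = {user.lower()}
    parts.update(t.lower() for t in full_name.split() if len(t) >= MIN_NAME_PART)
    return sorted(parts)


def check_password(user: str, full_name: str, password: str) -> Finding:
    """Apply the remedy's rules to one account; an empty password is the adminnopw condition."""
    finding = Finding(user)
    if password == "":
        finding.problems.append("no password set")
        return finding                      # nothing else worth reporting
    if len(password) < MIN_LENGTH:
        finding.problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        finding.problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    lowered = password.lower()
    for part in name_parts(user, full_name):
        if part in lowered:
            finding.problems.append(f"contains name part {part!r}")
    return finding


# Constructed sample accounts (user name, full name, candidate password); not real credentials.
SAMPLE_ACCOUNTS = [
    ("Administrator", "Built-in Administrator", ""),            # the vulnerability itself
    ("Administrator", "Built-in Administrator", "Password"),    # long enough, only two classes
    ("Administrator", "Built-in Administrator", "Xy1!"),        # four classes but too short
    ("jsmith", "John Smith", "Smith#2024"),                     # contains part of the full name
    ("Administrator", "Built-in Administrator", "Admin!1"),     # passes all rules
]


def audit(accounts=SAMPLE_ACCOUNTS) -> list:
    """Return a Finding for every account; callers act on the ones with problems."""
    return [check_password(user, full_name, pw) for user, full_name, pw in accounts]


if __name__ == "__main__":
    for f in audit():
        status = "OK  " if f.ok else "FAIL"
        print(f"{status} {f.user}: {'; '.join(f.problems) or 'meets policy'}")
```

The blank-password case returns immediately, because that single finding is the condition this check reports; the remaining rules only matter once a password exists. The name-part rule is deliberately case-insensitive, since NT account names are not case-sensitive.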

References:

Microsoft Knowledge Base Article Q161990, How to Enable Strong Password Functionality in Windows NT, http://support.microsoft.com/support/kb/articles/q161/9/90.asp
