ON SECURITY By Susan Bradley Microsoft recently added new protections to ensure that ransomware operators can’t use a brute-force attack to discover t
[See the full post at: Brute force vs. local admins]
Susan Bradley Patch Lady
I am increasingly concerned that personal computer management will be beyond the grasp of the average computer user. How many times will a computer technician be called to reset a password to allow computer access?
I know of only two instances when the Local Administrator account is actually needed (there are tools that can be used to work around those), and I doubt if anyone here will ever encounter those instances. There is no good reason for the Local Administrator account to be enabled, and the account lockout applies only to the Local Administrator account, not to the Administrators group.
I have an account in the Administrators group that satisfies UAC, and I run routinely using only a Standard user account. In my experience, the Administrator lockout is of little use.
As described in “Account lockout available for Local Administrators” (KB5020282), the capability is available for almost all versions of Windows dating back to Windows 7 and Server 2008.
The title of that KB has been amended recently to include “built-in” before “local administrators”.
The paragraph about password complexity also now has the added “built-in”, which was not included when I copied it 12 days ago (or when you copied it for this article):
Additionally, we are now enforcing password complexity on new machines if a local administrator account is used. The password must have at least three of the four basic character types (lower case, upper case, numbers, and symbols).
Again, I was able to set up a username with a blank password.
I don’t understand what Microsoft means when it states that password complexity will be mandated.
Unless you enabled the built-in administrator account, I don’t think you were testing the new requirement.
If you are a home or consumer user, and especially if you have not enabled RDP, I don’t recommend doing anything with this policy. Instead, I suggest any or all of the following:
…
Do not set a password for your Local Administrator account.
If RDP is not enabled, what’s the advantage of a blank admin password?
A blank admin password sounds quite reckless to me, considering kids or keyloggers at home and easy data access if a computer is lost or stolen. And it conflicts with your recommendation for strong passwords in the next sentence:
A lock isn’t an option for mobile devices, so strong passwords or biometrics are currently the best options.
Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge
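An added example, not part of the thread or of Microsoft's KB: a read-only PowerShell check that shows which local account is the built-in Administrator (RID 500) that the posts above distinguish from other members of the Administrators group, and whether it is enabled. The variable names and report columns are this example's own.

```powershell
# Added example: read-only inventory of local administrator accounts.
# Run in an elevated Windows PowerShell session on the machine being checked.

# The built-in Administrator is identified by RID 500 at the end of its SID,
# whatever the account has been renamed to.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.*-500$' }

# S-1-5-32-544 is the well-known SID of the local Administrators group,
# so this works regardless of the display language of Windows.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    # Domain or Microsoft-account members have no local user object; leave those fields empty.
    $local = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name             = $m.Name
        ObjectClass      = $m.ObjectClass
        Source           = $m.PrincipalSource
        IsBuiltInAdmin   = ($m.SID.Value -eq $builtin.SID.Value)
        Enabled          = if ($local) { $local.Enabled } else { $null }
        PasswordRequired = if ($local) { $local.PasswordRequired } else { $null }
    }
}

$report | Sort-Object IsBuiltInAdmin -Descending | Format-Table -AutoSize

# Summarise the two things the thread argues about.
if ($builtin.Enabled) {
    Write-Warning "Built-in Administrator '$($builtin.Name)' is ENABLED."
} else {
    Write-Output "Built-in Administrator '$($builtin.Name)' is disabled."
}

$others = @($report | Where-Object { -not $_.IsBuiltInAdmin -and $_.Enabled })
Write-Output "Other enabled local accounts in Administrators: $($others.Count)"
```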