Understand PASSWD_NOTREQD Flag
This flag allows to have a fully functioning account with a blank password (even with a valid domain password policy in place). If this flag is set for any accounts in domain, can login with blank password.
Generally below flags are being set or configured on user’s accounts.
- ACCOUNTDISABLE (2)
- NORMAL_ACCOUNT (512)
- DONT_EXPIRE_PASSWORD (65536)
- PASSWD_CANT_CHANGE (64)
Please go through below flag chart to get to know about all flag which are available in UserAccountControl.
Property flag | Value in hexadecimal | Value in decimal |
---|---|---|
SCRIPT | 0x0001 | 1 |
ACCOUNTDISABLE | 0x0002 | 2 |
HOMEDIR_REQUIRED | 0x0008 | 8 |
LOCKOUT | 0x0010 | 16 |
PASSWD_NOTREQD | 0x0020 | 32 |
PASSWD_CANT_CHANGE | 0x0040 | 64 |
ENCRYPTED_TEXT_PWD_ALLOWED | 0x0080 | 128 |
TEMP_DUPLICATE_ACCOUNT | 0x0100 | 256 |
NORMAL_ACCOUNT | 0x0200 | 512 |
INTERDOMAIN_TRUST_ACCOUNT | 0x0800 | 2048 |
WORKSTATION_TRUST_ACCOUNT | 0x1000 | 4096 |
SERVER_TRUST_ACCOUNT | 0x2000 | 8192 |
DONT_EXPIRE_PASSWORD | 0x10000 | 65536 |
MNS_LOGON_ACCOUNT | 0x20000 | 131072 |
SMARTCARD_REQUIRED | 0x40000 | 262144 |
TRUSTED_FOR_DELEGATION | 0x80000 | 524288 |
NOT_DELEGATED | 0x100000 | 1048576 |
USE_DES_KEY_ONLY | 0x200000 | 2097152 |
DONT_REQ_PREAUTH | 0x400000 | 4194304 |
PASSWORD_EXPIRED | 0x800000 | 8388608 |
TRUSTED_TO_AUTH_FOR_DELEGATION | 0x1000000 | 16777216 |
To check all accounts, which have the Flag “PasswordNotRequired” use the following PowerShell command.
PS C:\> Get-ADUser -Filter {PasswordNotRequired -eq $true} | ft name, UserPrincipalName
name UserPrincipalName
—- —————–
Guest
Amar (Rmp) Tiwary
vipan Kumar vipan.kumar-azure@Windowstechno.local
Neha Neha.Thakur@windowstechno.com
SHELL$PS C:\>
Use below PowerShell Command to remove this flag- “PasswordNotRequired”
Set-ADUser -Identity Neha.Thakur -PasswordNotRequired $false
PS C:\> Set-ADUser -Identity Neha.Thakur -PasswordNotRequired $false
Please check more Understanding and Remediating “PASSWD_NOTREQD”
https://docs.microsoft.com/en-us/archive/blogs/russellt/passwd_notreqd
So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!
Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .
You can also share the feedback on below windows techno email id.
If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.