Allowing Blank Password For a User on an SBS 2003 Domain
We had a call from a client - a user there changed his password, but accidently pressed ok before typing a new one, and it allowed it, meaning his password was blank. The client queried why this was possible.
The culprit proved to be the Configure Password Policies link from the SBS 2003 Users screen - we would have been asked at some point to remove requirement for complex passwords, probably as a result of a frustrated user not remembering how to log on!
In this instance, we suggested to set the 'Password must meet minimum length requirements' back to a value of 6. This would at least ensure a relatively long password is needed, although we advised that this was not as secure as requiring a complex password.