Users able to authenticate with blank password when using Active Directory
Posted by Van Glass on 31 March 2008 05:23 PM
This is due to an AD configuration that has anonymous bind option enabled. Anonymous bind allows users to authenticate using a known username and blank password even though the user has a non-blank password. To disable anonymous binding perform the following:|
1. Download Support Tools for Windows 2003 Server at http://www.microsoft.com/downloads/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en
2. Go to C:\Program Files\Support Tools\ and run the application adsiedit.msc. The ADSI Edit application is launched.
3. Navigate to CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,
4. Right click the "CN=Directory Services" container, choose "Properties" from the context menu and scroll down to the dsHeuristics attribute.
5. Click the Clear button followed by Apply.