Local Account Passwords

This check identifies any local user accounts that are using blank or simple passwords. This check is not performed on domain controllers. As a security measure, Windows Server 2003, Windows XP and Windows 2000 operating systems all require user authentication through passwords. However, the security of any system depends on both technology and policy - the manner in which systems are set up and managed. This check enumerates all user accounts and checks for the following passwords:

* Password is blank
* Password is the same as the user account name
* Password is the same as the machine name
* Password uses the word "password"
* Password uses the word "admin" or "administrator"

This check also notifies you of any accounts that have been disabled, or are currently locked out.