We know that we can set domain password policies through a group policy tied to the domain NC head.  We know that up until 2008, this policy becomes the singular effective password policy for all domain user accounts.  This means that even if we create a group policy and tie it to an OU lower down in the structure, say an Admins OU, this will not affect domain user policy - even for thos admin accounts in that OU.  So, natively, we can’t set one policy for our users and... [More]

Kinda by accident I came across an interesting behavior in Windows Server 2003 Remote Desktop. By default, on a Windows 2003 workgroup server, regardless of the user account rights or security group membership, remote desktop does not allow a user with a blank password to logon through Terminal Services.  This is because of a policy setting called Accounts: Limit local account use of blank passwords to console logon only.  However, via an odd series of steps, you can still logon with a... [More]