I created a user account that has no password.
When trying to login as that user from the Welcome Screen, Windows says:
Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.
So, the question is:
- How do I disable account restrictions preventing this user from signing in?
- How do I allow blank passwords
System
- Windows 10 Pro
- Not domain joined
Local Computer Policy/Computer Configuration/Administrative Templates/System/Credentials Delegation:
Setting | State | Comment |
---|---|---|
Allow delegating default credentials with NTML-only server authentication | Not configured | No |
Allow delegating default credentials | Not configured | No |
Encryption Oracle Remediation | Not configured | No |
Allow delegating fresh credentials | Not configured | No |
Allow delegating fresh credentials with NTLM-only server authentication | Not configured | No |
Remote host allows delegation of non-exportable credentials | Not configured | No |
Allow delegating saved credentials | Not configured | No |
Allow delegating saved credentials with NTLM-only server | Not configured | No |
Deny delegating default credentials | Not configured | No |
Deny delegating fresh credentials | Not configured | No |
Deny delegating saved credentials | Not configured | No |
Restrict delegation of credentials to remote servers | Not configured | No |
Minimum password length of zero
In order to allow a user password to be blank, you need to make sure that the Password Policy Minimum password length is set to 0 (the default):
Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy:
Policy | Security Setting |
---|---|
Minimum password length | 0 characters |
That lets you set a password that is blank. But that doesn't help you actually login, which gives the initial error that we're trying to solve.
Bonus Reading
- Guide to Fix Account Restrictions are Preventing this User from Signing In Error (which suggests turning on the ability for people with blank passwords to login remotely - which of course we do not want. We want them to only be able to login locally at the console.)