A user I created on a Windows 10 Pro machine using net user /add /activate:yes seems to be able to login without password. Is that the expected behavior? If so, what is the proper sequence of commands to avoid this potential security hole?
2 Answers
If you don't include a password, then the account is created without one.
Syntax is: NET USER username password /ADD /ACTIVE:YES [More options] [/DOMAIN]
Yes, this is expected behavior. You can simply enter afterwardsnet user [insert user name here]*, for example net user Jack*.