Hi,
My apologies for the misunderstanding.
No need to apologize. I guess the misunderstanding could also be due to my english skills cause it's not my native language.
Yes, I have tested this, more specifically, remotely connect to a Windows 10 machine from a Windows 8.1 machine.
Just to be sure again -> To reproduce the problem there has to be just one user account on the Windows 10 machine. And this user must have no password set. Let's say the username on the Win10 machine is win10user. It doesn't matter how many accounts are on the Windows 8 machine, but let's say you are logged in local on the Win8 machine with user win8localuser. U have to connect from Win8 to Win10 and when asked for login details you have to enter win10user with no password. If you get the error message you posted above saying "A user account restriction is preventing ...", then u need to disable "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only".
Would you please clarify the part “which seems to auto login by itself”?
Sure, I will try to be as detailed as possible. At the beginning, I am logged on on the Win10 machine localy and i can see my desktop. With the setup mentioned above, I connect from my laptop [let's pretend it's Win8] to my Win10 machine, which has exactly one user account with no password set. The RDP session opens successfully and I can see the desktop of the remote Win10 machine on my Win8 machine through the RDP session [as it should be]. Sidenote: I can see the physical screen / monitor from where i connect, cause i'm sitting right next to it with my laptop when connecting. The moment i succesfully connect via RDP, the "local session" on the Win10 machine is getting disconnected -> still everything how it should be.
Now begins the weird and what i believe buggy part:
About one second after the local session of the Win10 machine got disconnected, it starts relogging by itself. The Win10 machine is "getting back its session" and I'm getting disconnected from my RDP session with an [error] message telling me that another user has logged in [which was the Win10 machine somehow doing an auto login].
I hope I have been detailed enough and the english is well enough to understand what I'm trying to say. If not, just let me know and I try do be even more detailed and attach some screenshots.
Please check whether session limits group policy was configured, you may run GPresult.exe on the Windows 10 machine to get a complete view of group policy settings configured and applied.
You may also check session limits registry, which is under
HKEY_Local_Machine\ SOFTWARE \ Policies \ Microsoft \ Windows NT \ Terminal Services.
I have checked group policies and couldn't find anything which may cause the issue.
The registry path you described doesn't provide any information about session limits.
One thing to add -> I tried setting a password to my win10user and then connect via RDP again -> this works without any problem. But as soon as I remove the password again and open an RDP session, I get disconnected after a second again.
Thanks a lot for taking the time to help me in this case.
asked • Oct 18, '21 | DaveNeeley-2168 commented • Feb 11, '22
Hey guys,
I'm just trying to use the "passwordless account"-feature of my Microsoft account, but when I tried to use RDP it seems not to work yet. I'm logged in with my Microsoft-account on both devices [Windows 11 Pro] but RDP is asking for a password instead of triggering to acknowledge the logon via my mobile device.
Any ideas?
Regards
thno
Comment
Tags: RDP, Remote Desktop
Sometimes, the default Windows user is setup with a blank password. In such cases Remote Desktop refuses to connect, and it may be inconvenient to require password login for local users.To change the default Windows behavior and allow login over the local network with blank password, do the following:
1. Start the Windows Registry editor [type regedit in the "Start > Run" dialog]
2. Navigate to:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LimitBlankPasswordUse"=dword:00000001
Alternatively, you can use group policy to change this behavior, see MSKB 303846
|
|
Yes, this is possible.
By default, Windows will not allow the logon over a network with a blank password. There is a KB article that details how to allow blank passwords for network logons.
You can disable blank password restrictions by using a policy. To locate and change this policy:
- Click Start, point to Run, type gpedit.msc, and then click OK to start the Group Policy Editor.
- Open Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only.
- Double-click Limit local account use of blank passwords to consol logon only.
- Click Disabled, and then click OK.
- Quit Group Policy Editor.
NOTE: By default, this policy is on [enabled].
Under the cover, in Registry, this is controlled by
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "LimitBlankPasswordUse"=dword:00000000Therefore, alternatively, this can be achieved by directly setting LimitBlankPasswordUse to 0. Setting it to 1 will restore the default behavior.
After you have enabled this, you will be allowed to log on using a blank password.
When attempting to connect or establish Remote Desktop connection to a remote Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1 or Windows 10 computer in order to remotely logon to the machine, the log on may be rejected with Remote Desktop client returns one of the following error messages.
Your credentials did not work.
or,
Unable to log you on because of an account restriction.
or,
An authentication error has occurred.
The Local Security Authority cannot be contactedRemote Computer: xxxxx
or,
A user account restriction [for example, a time-of-day restriction] is preventing you from logging on. For assistance, contact your system administrator or technical support.
By default, Windows operating system does not allow nor permit user account without password set or user name with blank [null] password to connect and log in remotely via Remote Desktop Protocol [RDP].
The obvious resolution is definitely to create and set a password for the user account that requires to logon remotely to a computer via Remote Desktop, and it’s recommended for security reason too. However, user who for some reason such as for the purpose of convenient, and thus unable or cannot assign a password to the user account, can use the following workaround to allow user to login remotely via Remote Desktop Connection [RDP] client to Windows PC.
How to Enable Remote Login via Blank Passwords using Local Security Policy or Group Policy Editor
- To configure the Remote Desktop host computer to accept user name with blank password, go to Control Panel -> Administrative Tools [Under System and Maintenance in Windows Vista / Windows 7 / Windows 8 / Windows 8.1 and Windows 10] -> Local Security Policy.
Alternatively, run GPEdit.msc [Group Policy Editor].
- For Local Security Policy, expand Security Policies / Security Settings-> Local Securities / Local Policies -> Security Options.
For Group Policy Editor or GPEdit.msc, expand Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
- Locate Accounts: Limit local account use of blank passwords to console logon only policy, and set its value to Disabled.
Once disabled, user account with blank or null passwords can now login remotely via Remote Desktop Connection client instead of just able to do so via local console.
How to Configure Blank Passwords Allowed for Remote Log On via Registry
Windows stores the value of the policy set above in a registry key named “LimitBlankPasswordUse”. To unlock the limitation of cannot establish Remote Desktop logon with user account without a password, simply set the value data for LimitBlankPasswordUse to 0 [so that there is no limit on blank or null password use], as according to the code below. Alternatively, copy and paste the following text to a text file, and save with a .reg extension. Then run the .reg file to merge the value to registry.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa] "LimitBlankPasswordUse"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "LimitBlankPasswordUse"=dword:00000000For convenient, two registry files have been created and available for free download, which will enable or disable usage of blank password [or absent of password] to login remotely. Download BlankPasswords.zip [no longer available] and run EnableBlankPasswords.reg to enable or DisableBlankPasswords.reg to disable remote login via blank password.
To re-anebl the restriction, i.e. user with no password or with blank password cannot login remotely, set Accounts: Limit local account use of blank passwords to console logon only policy to Enabled or LimitBlankPasswordUse to 1
The trick works on both 32-bit and 64-bit Windows operating systems.