Accounts reset to empty password
I appreciate this is going to immediately sound like Confiker or some kind of trojan but something tells me it could be some essoteric issue I've missed.
The problem I've got is that two staff accounts have recently reported problems getting into their accounts and after a couple of careful probings it seems that they've managed to get their passwords to reset to empty (ie: none required).
Now, the GPO requires all users to have a password with 5 characters or more so it shouldn't have accepted anything smaller, much less empty. The children are all primary age and we don't have any genius types although I wouldn't put it past one or two to be semi-skilled in resetting a password if they found a machine logged in ;).
Originally I thought that perhaps the issue was down to:
- a machine being logged in and password being reset to empty
- staff members not bothering to read the screen when the password expiry prompt came up and just plugging stuff in, etc... The GPO limitation is the bit that has me stumped though.
Right now I'm running a full virus scan of the systems (using Avast) and I've already made sure Confiker isn't behind this but does anyone had any ideas that I need to cover or possible vectors that might explain this.