Tuesday, March 22, 2016

When "An attempt was made to query the existence of a blank password for an account" is logged

A cause of some paranoia and panic on the Internet is Windows 8's tendency to log batches of events to the Security log that say "An attempt was made to query the existence of a blank password for an account."

Those events are entirely normal - they appear even on a completely fresh machine. Today I discovered that an event is logged for each local account every time one of these two things happens:

  • The username/picture tile in the upper-right of the Start screen is pressed. The events are logged even on domain-joined machines where the resulting menu contains no local users. In this case, the Subject is the logged-in user.
  • The logon screen shows the list of active local users. In this case, the Subject is NT AUTHORITY\LOCAL SERVICE.
Posted by at
Labels:

1 comment:

  1. Musician CafeSeptember 25, 2017 at 10:33 PM

    What happens when neither of those two situations are present, and your computer is still showing an ENORMOUS trail of these event logs?

    ReplyDelete

Subscribe to: Post Comments (Atom)