How to Remotely Control a Domain Computer Without a Password

Typically, using Microsoft’s Remote Desktop feature, you can control other Windows systems (Professional, Enterprise, and Professional Workstation editions) within a local area network if they have a user account with a password.

However, in certain special cases, you may want the target computer to have no password. By default, user accounts without a password do not have remote control permissions.

Today, I’ll introduce a method to remotely control a computer on the local area network using an account without a password.

---

Editing Group Policy

• Press Win + R on your keyboard to open the Run dialog, type gpedit.msc, and press Enter to open the Group Policy Editor.

• In the left pane, navigate to the following path:

  Windows Settings → Security Settings → Local Policies → Security Options → Accounts: Limit local account use of blank passwords to console logon only

By following the steps above, we allow user accounts without passwords to have remote control access.

---

How to Connect to a Remote Computer

First, you need to know the IP address of the remote computer. On the target computer, press Win + R, type cmd, and press Enter. In the command prompt window, type ipconfig and press Enter. Find the IPv4 address of the local machine, which is typically 192.168.xxx.xxx.

Ensure both the controlling computer and the target computer are connected to the same network.

On the controlling computer, press Win + R, type mstsc, and press Enter to open the Remote Desktop interface.

In the Remote Desktop interface, enter the IP address of the target computer (192.168.xxx.xxx), then click Advanced at the bottom and enter the account name you wish to log in with.

This account name is not the account name of the controlling computer, but the account name of the target computer—specifically, the account without a password mentioned earlier.

Then click Connect. You will be prompted for credentials, i.e., a password. Since there is no password, leave the field blank and click OK.

The Remote Desktop component will warn that the connection is insecure. Simply ignore this warning, click Yes, and proceed with the connection.

This allows you to connect to the remote computer and begin remote control.

Since Windows Remote Desktop does not support public IP addresses, you can use some intranet penetration software to achieve this effect.