Install bug: Windows Server 2019 / 2022 does not save some administrator passwords

Windows[German]Brief note to administrators who are deploying installations of Windows Server 2019 and Windows Server 2022. A blog reader pointed out a bug to me that he noticed during setup. During installation, you can set a password for the administrator, but some password patters are is not saved.


Advertising

German blog reader Gregor O. is responsible for the IT of an an institution and emailed me the other day about an observation his team made in connection with the installation of Windows Server 2019 or Windows Server 2022. It seems there are problems with the assignment of a password for the administrator account during the installation. He writes:

I am a diligent reader of your blog posts.

I wanted to let you know that we have noticed a "bug" in Windows Server 2019 / 2022 that may be of interest to several readers:

When installing a virtual Windows Server 2019 / 2022, a password for the administrator is required during installation, this was also deposited by us. The system also confirms that this has been adopted.

When the server is configured and you want to log in via vSphere Client with the local administration account, you do not have to enter a password. You will still be logged in with the account.

So Windows Server 2019 / 2022 does not save the specified password during installation and one is local administrator on the VM.

The statement is clear: A password set during setup for the administrator is therefore not saved. One can indeed set the password after installation, but this is often forgotten, as Gregor O. wrote in a 2nd mail:

Hello,

it is possible after the fact, but it is questionable whether you still think about it when the server is already included in a domain, because you don't really need the local administrator.

I have had published this observation a few days ago within my German blog. Many readers commented, that they can't confirm this observation. Then Gregor O. came out with more details and wrote:

After further tests we have also found out the following: This "bug" does not apply to all passwords, e.g. if you install a Server 2019 / 2022 with the initial password #1Administrator2#, the password is discarded, but if you take e.g. "12345678" as password, this works.

So it seems, that the character # works as a escape character and the password write function of Windows fails to save that. Other German blog readers have confirmed this behavior after they proceeded own tests. This is potentially a security issue, because no password is required to login to the server (although remote login won't work). So administrators should check the password of the administrator account after installing a Windows Server instance.

Gregor O. told me, that he reported the bug to Microsoft, but the case has been closed without an answer. I will forward it again to Microsoft, because of the implications.


Advertising

This entry was posted in issue, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).