One of the new features allows administrators to restrict remote users from logging on with blank passwords. Users are allowed to log on locally with accounts that have a blank password, but since they're not connected to the domain at that time, they're not exposed to attacks from the Internet. In other words, remote users won't be able to connect to Windows .NET servers using accounts that have a blank password. As anyone who's worked in an IT department knows well, if you permit users to have blank passwords for their accounts, a lot of users will prefer to use blank passwords. Why? Well, it sure beats looking for the password on a Post-it note on the side of the monitor, or under the keyboard. With .NET servers, your company will be protected from Internet attacks even if the local administrator accounts on your workstations are left blank; users will only be allowed to log on locally if they're using accounts that have blank passwords. This behavior is enabled by default in beta 3.