It was possible to establish a SMB session using the Administrator account with a blank password.
You need to limit local account use of blank passwords to console login only.
- [Start] [Run] and type gpedit.msc and click [OK]
- Navigate to Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options
- Double click on Accounts: Limit local account use of blank passwords to console login only.
- Select the radio button next to Enabled and click [OK]