Windows Security provides built-in security options to help protect your device from malicious software attacks.
The Account protection page in Windows Security allows you to access sign-in options and account settings, including Windows Hello and dynamic lock.
You can hide the Device security area from users on the device. This option can be useful if you don’t want users to see or have access to user-configured options for these features.
This tutorial will show you how to hide or show the Account protection page in Windows Security for all users in Windows 10 and Windows 11.
When you enable password expiration for an account, the user will be forced to change their password the next time they sign in when it expires.
A local account password will expire when the maximum (42 days by default) and minimum (0 days by default) password age has been reached.
A Microsoft account password will expire every 72 days by default.
This tutorial will show you how to enable or disable password expiration for an account in Windows 10 and Windows 11.
You can change your local account or Microsoft account password if you know its current password.
If you do not know or have forgotten your local account password and are unable to reset it, an administrator account can change the password for you.
It is recommended to change your password regularly with a strong password to help keep your device more secure.
This tutorial will show you how to change the password of a local account and Microsoft account in Windows 11.
Having different accounts on a shared PC lets multiple people use the same device, all while giving everyone their own sign-in info, plus access to their own files, browser favorites, and desktop settings.
You can add a local user account (an offline account) or Microsoft account for a user to sign in to the PC with. These can be a standard user or administrator account type.
When you add an account in Windows, it will be a standard user account by default.
Standard User – Standard user accounts are good for everyday usage, and can be a local account or Microsoft account. Standard user accounts can use most apps and change system settings that do not affect other users. If any action that requires elevated rights is attempted while signed in as a standard user, Windows will display a UAC prompt for the password of an administrator for approval. If UAC is set to “Never notify”, then a standard user will automatically be denied the elevated action.
Administrator – Administrator accounts have complete access to the PC and can make any desired changes. Administrators can be a local account or Microsoft account. If any action that requires elevated rights is attempted while signed in as an administrator, Windows will display a UAC prompt for the administrator to confirm (Yes or No) using full administrator rights.
This tutorial will show you how to quickly determine if user accounts on the PC are an administrator or standard user account type in Windows 11.
You can add a local user account (an offline account) or Microsoft account for a user to sign in to the PC with.
This tutorial will show you how to check if a user account is either a local account or a Microsoft account in Windows 11.
Full details of user accounts would include: AccountType, Description, Enabled or Disabled, Domain, FullName, InstallDate, Lockout, LocalAccount, Name, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, and Status.
This tutorial will show you how to quickly view full details about all user accounts on your Windows 10 and Windows 11 PC.
Someone who attempts to use more than a few unsuccessful passwords while trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error. Windows domain controllers keep track of logon attempts, and domain controllers can be configured to respond to this type of potential attack by disabling the account for a preset period of time. Account Lockout Policy settings control the threshold for this response and the actions to be taken after the threshold is reached.
The Account lockout threshold policy setting determines the number of failed sign-in attempts that will cause a user account to be locked. A locked account cannot be used until you reset it or until the number of minutes specified by the Account lockout duration policy setting expires. You can set a value from 1 through 999 failed sign-in attempts, or you can specify that the account will never be locked by setting the value to 0. If Account lockout threshold is set to a number greater than zero, Account lockout duration must be greater than or equal to the value of Reset account lockout counter after.
The Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. An administrator can also manually unlock a locked-out account.
The Reset account lockout counter after policy setting determines the number of minutes that must elapse from the time a user fails to log on before the failed logon attempt counter is reset to 0.
The Allow Administrator account lockout policy determines whether the built-in Administrator account is subject to account lockout policy.
Brute force password attacks can be automated to try thousands or even millions of password combinations for any or all user accounts. Limiting the number of failed sign-ins that can be performed nearly eliminates the effectiveness of such attacks. However, it is important to note that a denial-of-service (DoS) attack could be performed on a domain that has an account lockout threshold configured. A malicious user could programmatically attempt a series of password attacks against all users in the organization. If the number of attempts is greater than the value of Account lockout threshold, the attacker could potentially lock every account.
Starting with Windows 11 build 22528 and higher, the Account lockout threshold policy is now set to 10 failed sign-in attempts by default. The Account lockout duration is now set to 10 minutes by default. The Allow Administrator account lockout is now enabled by default. The Reset account lockout counter after is now set to 10 minutes by default.
This tutorial will show you how to unlock a locked out local account in Windows 10 and Windows 11.
This tutorial will show you how to change the Reset account lockout counter after policy in Windows 11 or Windows 10.
This tutorial will show you how to change the Account lockout duration in Windows 11 or Windows 10.
This tutorial will show you how to enable or disable the Allow Administrator account lockout policy in Windows 11.
This tutorial will show you how to change the Account lockout threshold to lock out a local account after a specified number of failed sign-in attempts in Windows 11.
If you have an account on your PC that you want to make unavailable without deleting it, you can disable the account and enable the account again later when wanted.
When an account is disabled, it cannot be signed in to until it is enabled again. The account’s name will also no longer appear on the sign-in screen or in the user menu on the Start menu until it is enabled again.
This tutorial will show you how to enable or disable an account in Windows 11.
A guest account is a restricted local account for users you don’t want to have a permanent account on your PC. It allows people (visitors) to use your PC without having access to your personal files. Users signed in to the guest account can’t install apps, can’t open Microsoft Store apps, can’t install hardware, and can’t open Settings.
You can no longer use the built-in Guest account in Windows. As a workaround, we can add a local account with any name other than “Guest” that is only a member of the Guests group as a guest account instead. You can use this method to add more than one guest account if wanted. When you are done with a guest account, you can either delete the guest account, temporarily disable the guest account until needed next, or leave it for another guest to use.
This tutorial will show you how to add a guest account to your Windows 11 or Windows 10 PC.
You can change your local account or Microsoft account picture in Windows 11 to have more of a personal touch that reflects you.
A Microsoft account picture will sync by default to all PCs, devices, and Microsoft services you sign in to with the same Microsoft account.
This tutorial will show you how to change the picture for your local account or Microsoft account in Windows 11.
If you have a user account on your PC that is not being used or no longer needed, you can permanently remove it by deleting it.
This tutorial will show you how to delete a user account to remove it from your Windows 11 PC.
Windows Hello is a more personal, more secure way to get instant access to your Windows 11 devices using a PIN, facial recognition, or fingerprint. You’ll need to set up a PIN as part of setting up fingerprint or facial recognition sign-in, but you can also sign in with just your PIN.
These options help make it easier and safer to sign into your PC because your PIN is only associated with one device and it’s backed up for recovery with your Microsoft account.
You can set up facial recognition sign-in with your PC’s infrared camera or an external infrared camera.
This tutorial will show you how to set up the Windows Hello facial recognition sign-in option for your account in Windows 11.
If you forgot your PIN, you can reset the PIN if you know your account’s password.
This tutorial will show you how to enable or disable reset PIN at sign-in for all Microsoft accounts in Windows 11.
This tutorial will show you how to change the PIN for your account in Windows 11.
This tutorial will show you how to reset the PIN for your account in Windows 11.
This tutorial will show you how to add the Windows Hello PIN sign-in option to your account in Windows 11.