35
5
Windows 10 v 1803 upon installation, selecting an offline account, asks for 3 "recovery questions", and related recovery answers. Answers to these questions are trivially accessible from any social network, and using it as "alternative passwords" adds no value to me.
How can I disable this entire feature?
Silver Dragon
Posted 2018-05-02T06:05:47.730
Reputation: 690
34
Instead of setting the password during the OOBE wizard, set it later. This hasn’t changed from earlier versions of Windows where you had to enter a password hint.
After the setup process is complete, press Ctrl+Alt+Del and select “Change a password”. You will be prompted to enter your old password (empty) and your new password.
If you already entered security questions, you’ll probably have to remove your password first and then use the Ctrl+Alt+Del method. Depending on the how you remove the password, you may lose access to EFS-encrypted files.
Like the password hint on earlier Windows versions, this probably cannot be deactivated on non-domain accounts.
Daniel B
Posted 2018-05-02T06:05:47.730
Reputation: 40 502
3To clarify, "set it later" means leave the password field blank and click Next to proceed. You'll need to set a password later. – Andrew Bate – 2019-05-29T18:52:34.830
5
Starting with Windows 10 build 18237, a new group policy was added for preventing the use of security questions for local accounts. Open Local Group Policy Editor and go to:
Computer Configuration\Administrative Templates\Windows Components\Credential User Interface
Prevent the use of security questions for local accounts
Look for a policy called "Prevent the use of security questions for local accounts" and enable it. Source
If you want to delete the security questions that was already set up for local account, open Registry Editor and go to: HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets. Delete any subkey that begins with L$_SQSA_. Source
E.Swaff
Posted 2018-05-02T06:05:47.730
Reputation: 71
2
You can create users without security questions by going into the "Local Users and Groups" panel within Computer Management. In there you have the option to create users with or without a password along with the settings like "change password on next login", or "set password to never expire". There is no place in there to setup a hint or security questions.
Note that by default account created there are only members of the users group and if you want them to be local admins, then you need to add "administrators" to their group.
Zenonk
Posted 2018-05-02T06:05:47.730
Reputation: 41
"Local Users and Groups" is not available within Computer Management on Windows Home (as of mid 2019). – Jay Baxter – 2019-07-28T18:26:32.833
2
"Upon installation" (which I took to mean during the obligatory setup process you are forced to use when you first power up a new PC) I've found those questions to be unavoidable ONLY IF you skip setting a password for the user you are being forced to create.
It's my practice to setup a local administrator on each new machine even if it is joining a domain so I don't mind entering the user name and description etc., but the only way I can find to avoid those security questions is to leave the password field blank. Later on, once the obligatory setup process has finished, don't forget to add a password to that account because it is by default a local administrator account. When I do this using netplwiz I'm not asked to create any security questions.
Bungeecork
Posted 2018-05-02T06:05:47.730
Reputation: 39
1
Its not needed that you answer those questions correctly. You can put any answer there or just some values that you are sure that no one else knows.
That way, you have a recovery option and still have acceptable security for your login.
Ganesh R.
Posted 2018-05-02T06:05:47.730
Reputation: 4 869
No, that cannot be skipped or disabled. – Waka – 2018-05-02T06:56:54.803