System hacks: Cancel Q&A verification when resetting your Win10 account

Microsoft has added another security protection for Windows 10 local accounts, that is, verification according to several security questions set by itself. When we need to reset the account, we also need to enter these security questions and answers and match them before resetting. This is obviously more of a hassle for a home use computer. To make account reset faster, we can disable the above security question verification by using Group Policy Editor, Registry Editor, or PowerShell scripts, etc.

1. Use Group Policy to disable authentication

If we are currently using Windows 10 Professional, Education or Enterprise edition, you can disable the verification of security issues through Group Policy Editor.

First, press Win+R to open the “Run” dialog box, type and execute the GPEDIT.MSC command to start the Local Group Policy Editor (Figure 1).

1923A-NOAQ-1

In the Group Policy Editor, locate “Computer Configuration → Administrative Templates → Windows Components → Credentials User Interface” (Figure 2).

1923A-NOAQ-2

In the right pane of the Credentials UI branch, double-click on “Prevent security issues from being used for local accounts” and set the radio button to “Enabled” (Figure 3).

1923A-NOAQ-3

When this policy setting is enabled, it will turn off security questions. Exit Group Policy Editor and restart your computer for the changes to take effect. 2.

2. Edit the registry to block authentication

If we are using Windows 10 Home Edition, which does not have the ability to invoke Group Policy directly, we can use the Registry Editor to make changes to block authentication.

First, type REGEDIT in the “Run” dialog box and enter to start the Registry Editor (Figure 4). In the Registry Editor window, navigate and locate “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem” in order (Figure 5).

1923A-NOAQ-4

1923A-NOAQ-5

Next, right-click the blank space in the right pane of the System branch, and then click “New → DWORD (32-bit) Value” in order (Figure 6).

1923A-NOAQ-6

Set the name of the newly created DWORD (32-bit) value to NoLocalPasswordResetQuestions. double-click on the newly created NoLocalPasswordResetQuestions and set its numeric data to 1, which indicates that security questions will be disabled. If its value is set to 0, the security questions will be enabled again (Figure 7).

1923A-NOAQ-7

Exit the registry editor and restart the system for the above changes to take effect.

3. Use a PowerShell-specific scripting scheme

In addition to the above, we can also disable the security question and answer prompt by simply running a PowerShell-specific scripting program.

First, download a file called “Update-AllUsersQA.ps1” from the GitHub repository (download at https://dwz.cn/beFs2n4t) and then open a PowerShell window with administrator privileges. Next, in the PowerShell window, use the CD command to enter the directory where the “Update-AllUsersQA.ps1” file is stored (assumed to be “D:TEMP” here), and then enter the following command to disable the security question and answer prompt (Figure 8).

1923A-NOAQ-8

Update-AllUsersQA

After this, if you try to set security questions in the relevant screen, you will receive a message indicating that the feature has been disabled.

Tip: To enable security questions again, you need to run the above script program with another parameter -answer. The command format is as follows.

Update-AllUsersQA -answer YourSecretAnswer

Note that you need to replace the YourSecretAnswer in the command with an answer of your choice, for example, the answer shown in this example is “PILILIPALALA” (Figure 9). Once this is done, the string will be set as the answer to all questions. After that, you can enter the answer to the question in the corresponding security settings web window.

1923A-NOAQ-9

QQ图片20210420165237

Leave a Comment