Windows security logon no domain

Can you sign in with a Microsoft account without an Internet connection? Of course! You only need to be connected to the Internet when you create a Microsoft account or switch to a local account. The default local Windows account name is Administrator. In modern versions of Windows, this account is disabled by default. Instead, when you first log in to Windows, you are prompted to create a new account. This account is automatically added to the built-in Administrators group.

If you do not know the names of local accounts on your computer, or you cannot log in under the built-in administrator this account name can be renamed manually or via domain Group Policies , you can display a list of all local Windows accounts from the command line:. In the latest Windows 10 builds, Microsoft recommends using Microsoft accounts instead of local Windows accounts. If you do not want to use the Microsoft account on Windows 10, you can switch to a traditional local Windows account.

Once you completed these steps, your Windows 10 account will be disconnected from your Microsoft account. It will switch to the traditional local account style.

To show all local users on Windows 10 Welcome Screen:. As a result, you do not need to type the user name manually, but simply select it from the local account list. By default, users in the local groups Users , Guests , Backup Operators , and Administrators can sign in locally to Windows If a password is complicated , it takes a huge amount of time to brute the password. So it is not recommended to use caching for users with local administrator permissions or, moreover, domain admin account.

To mitigate security risks, you can disable credential caching on office and administrator computers. It is recommended to reduce the number of cached accounts on mobile devices to 1.

It means that even if an administrator has logged on to a computer and their data have been cached, the password hash of the administrator will be overwritten after the device owner logs on. For AD domains with functional level Windows Server R2 or newer, you can add domain administrator accounts to the Protected Users group. Local credential caching is prohibited for this security group. Such policies will reduce the chance of getting privileged user hashes from domain joined devices.

Notify me of followup comments via e-mail. You can also subscribe without commenting. Leave this field empty. Home About. The password hash is modified using salt based on the user name and saved to the registry. Please rate your experience Yes No. Any additional feedback? Submit and view feedback for This product This page. View all page feedback. In this article. A user successfully logged on to a computer. For information about the type of logon, see the Logon Types table below.

Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password. A user successfully logged on to a computer using explicit credentials while already logged on as a different user. Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.

A user logged on to this computer from the network.