This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello!
My company uses Windows Hello for Business. Additionally, there is a certificate authority with USB tokens. We can login to the Windows operating system using the following methods:
Question: how can I prevent a user from using the keyboard password login method on their computer? Is it possible to manage the registry or group policies? If it is possible to prevent local login using a password, can I save access via RDP? ((If there are rough solutions (non-standard), please specify them as well).
Please take this issue seriously. If you have the opportunity to draw the attention of technical experts. This issue is extremely important and interesting for security in the Windows infrastructure.
@_KUL
Thank you for your post!
In regards to Azure, if you're using an Azure virtual machines (VMs) running Windows Server 2019 Datacenter edition or Windows 10 1809 and later. You can leverage Azure AD authentication to log in to Windows VMs, which provides you a way to centrally control and enforce policies. Tools like Azure role-based access control (Azure RBAC) and Azure AD Conditional Access allow you to control who can access a VM.
I hope this helps, if you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Hello!
Thanks for the answer!
Unfortunately, this problem occurred on the end devices of users. Thank you so much for the information about Azure RBAC.
An elegant solution!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 16%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Hello,
Thank you so much for your feedback. So glad to hear that we have got the elegant solution.
Thank you for sharing your experience and solution here. It will be very beneficial for other community members who have similar questions. Your support is greatly appreciated.
Thanks again and have a nice day.
Best regards,
Hannah Xiong
Additional Information: Excellent article Passwordless Strategy
Hello,
You are welcome. Thank you so much for your kindly reply.
So sorry to hear that this is not what we need. As per my understanding, do we want to remove password log in from the Sign-in options?
If so, we could kindly have a check whether the below information is helpful or not.
https://pureinfotech.com/remove-login-password-windows-10/
https://www.isunshare.com/windows-10-password/remove-sign-in-password-on-windows-10-computers.html
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello!
Thank you for your answer, but you misunderstood me again :)
The Purpose of the task is to increase security, not make it easier to log in!
Problem: there is a user, there is an AD workstation, the user can authenticate in different ways, but we need to prohibit the password entry method. In principle, prohibit! Do not save, do not make auto-entry, but make it impossible. He can leave the password stored in AD, but prevent the user from entering the password on the workstation (delete the password field, steal the keyboard, make them forget the password, beat their hands ...). And the second problem, if for user 1 we forbid entry, what can user 2 from AD log in?! Do I need to ban all users or how do I break the authentication method on my computer?!
Alternatively, i can set a new password for user 1 that they don't know ...
Hello,
You are welcome. Thank you so much for your kindly reply.
So so sorry that I misunderstood you again. Frankly speaking, sorry that I might not be able to provide some useful information currently. Sincerely hope others could share their experience or knowledge here.
If it is urgent, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:
https://support.microsoft.com/en-in/hub/4343728/support-for-business
Sorry again for the inconvenience. Thank you so much for your understanding and support.
Best regards,
Hannah Xiong
Anyway, thank you for your attention to the question!
Hello,
You’re very welcome. Sincerely hope our issue could be resolved soon.
Thank you very much; your support is greatly appreciated.
Best regards,
Hannah Xiong
Hello,
Thank you so much for posting here.
As per my research, we could choose to disable password login to automatically login without using password or disable the password reveal button on the sign-in screen. Below are the discussions. We could kindly have a check whether it helps.
How to disable the Password Reveal button on the Sign-in screen on Windows 10
https://www.windowscentral.com/how-disable-password-reveal-button-sign-screen-windows-10
How to disable Password login in windows 10
https://thegeekpage.com/disable-password-login-in-windows-10/
Automatically Login Without Using Password In Windows 10
https://www.kapilarya.com/how-to-automatically-login-without-using-password-in-windows-10
As for the RDP issue, it is suggested that we could turn to the dedicated forum for more professional assistance.
https://learn.microsoft.com/en-us/answers/topics/windows-remote-desktop-services.html
For any question, please feel free to contact us.
Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello!
Thank you for answer, but this is not what I need.
It is necessary to completely exclude any user from logging in to the workstation using the authentication method - local password entry. In other words, the system should perform validation via a certificate, Windows Hello, Azure, but not with a local or (and) AD password!