Account Restrictions Are Preventing This User From Signing In
When logging on using the PC NameAccount Name method, even with the right password, I'm told my credentials are wrong. When logging on using the same method above but leaving a blank password, I'm told 'account restrictions are preventing this user from signing in'. By disabling or not configuring this policy setting on the client computer, users will be able to use their Microsoft account, local account, or domain account for their sign-in session to Windows. It also enables the user to connect a local or domain account to a Microsoft account. This provides a convenient option for your users.
- Account Restrictions Are Preventing This User From Signing In Windows 10
- Account Restrictions Are Preventing This User From Signing In Windows Server 2012
- Account Restrictions Are Preventing This User From Signing In Windows 10 Share
- Account Restrictions Are Preventing This User From Signing In Run As Different User
- Account Restrictions Are Preventing This User From Signing In. For Example
Applies to
- Windows 10
Describes the best practices, location, values, management, and security considerations for the Accounts: Block Microsoft accounts security policy setting.
Reference
This setting prevents using the Settings app to add a Microsoft account for single sign-on (SSO) authentication for Microsoft services and some background services, or using a Microsoft account for single sign-on to other applications or services. For more details, see Microsoft Accounts.
There are two options if this setting is enabled:
Users can’t add Microsoft accounts means that existing connected accounts can still sign in to the device (and appear on the Sign in screen). However, users cannot use the Settings app to add new connected accounts (or connect local accounts to Microsoft accounts).
Users can’t add or log on with Microsoft accounts means that users cannot add new connected accounts (or connect local accounts to Microsoft accounts) or use existing connected accounts through Settings.
If you disable or do not configure this policy (recommended), users will be able to use Microsoft accounts with Windows.
Possible values
- This policy is disabled
- Users can’t add Microsoft accounts
- Users can’t add or log on with Microsoft accounts
By default, this setting is not defined on domain controllers and disabled on stand-alone servers.
Best practices
- By disabling or not configuring this policy setting on the client computer, users will be able to use their Microsoft account, local account, or domain account for their sign-in session to Windows. It also enables the user to connect a local or domain account to a Microsoft account. This provides a convenient option for your users.
- If you need to limit the use of Microsoft accounts in your organization, click the Users can’t add Microsoft accounts setting option so that users will not be able to use the Settings app to add new connected accounts.
Location
Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
Default values
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
| Server type or GPO | Default value |
|---|---|
| Default Domain Policy | Not defined |
| Default Domain Controller Policy | Not defined |
| Stand-Alone Server Default Settings | Disabled |
| DC Effective Default Settings | Disabled |
| Member Server Effective Default Settings | Disabled |
| Client Computer Effective Default Settings | Disabled |
Policy management
This section describes features and tools that are available to help you manage this policy.
Restart requirement
None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
Security considerations
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of the countermeasure implementation.
Vulnerability
Although Microsoft accounts are password-protected, they also have the potential of greater exposure outside of the enterprise. Additionally, if the owner of a Microsoft account is not easily distinguishable, auditing and forensics become more difficult.
Countermeasure
Require only domain accounts in your enterprise by limiting the use of Microsoft accounts. Click the Users can’t add Microsoft accounts setting option so that users will not be able to create new Microsoft accounts on a device, switch a local account to a Microsoft account, or connect a domain account to a Microsoft account.
Potential impact
Establishing greater control over accounts in your organization can give you more secure management capabilities, including procedures around password resets.
Related topics
Lesson 9: Managing User Accounts and Parental Controls
/en/windows10/making-windows-10-feel-more-familiar/content/
Managing user accounts and parental controls
A user account allows you to sign in to Windows 10. By default, your computer already has one user account, which you were required to create when setting up Windows for the first time. But if you plan to share your computer, you can create a separate user account for each member of your home or office.
Connecting users to a Microsoft account Subnautica game free download. will help them get the most out of Windows. But if a user prefers not to create a Microsoft account, you can also add a local user account that exists only on your computer.
Watch the video below to learn more about creating and managing user accounts:
Note that you must be signed in as an Administrator (the first user account created on your computer) to add a new user.
To add a new user (with a Microsoft account):
Account Restrictions Are Preventing This User From Signing In Windows 10
- Open the Settings app, then select Accounts.
- Select Family & other users. Scroll down to the Other Users section, then choose Add someone else to this PC.
- If the new user already has a Microsoft account, enter the associated email address, then click Next.
- The user can then sign in to the computer with his or her Microsoft account information. Note that it may take several minutes to configure a user's settings when logging in with a Microsoft account for the first time.
To add a new local user (without a Microsoft account):
- From the Account settings, click Add someone else to this PC.
- Select The person I want to add doesn't have an email address.
- The account creation screen will appear. Select Add a user without a Microsoft account.
- Enter an account name, then type the desired password. It's important to choose a strong password—in other words, one that is easy to remember but difficult for others to guess. For more information, check out Password Tips in our Tech Savvy Tips and Tricks tutorial. When you're finished, click Next.
- The local user can then sign in to the computer with this account information.
Signing out and switching users
If you're finished using your account, you can sign out. To do this, click the Start button, select the current account in the top-left corner, then choose Sign out. Other users will then be able to sign in from the lock screen.
It's also easy to switchbetween users without signing out or closing your current apps. Switching users will lock the current user, so you won't need to worry about someone else accessing your account. To do this, select the current account, then choose the desired user from the drop-down menu. You can use this same method to switch back to the other user.
Managing user accounts
By default, the user account you created when setting up your computer is an Administrator account. An Administrator account allows you to make top-level changes to the computer, like adding new users or modifying specific settings. Any users you add are automatically assigned to a Standard user account, which should meet the everyday needs of most users. You will probably only need one Administrator account on a shared computer, but you have the option to promote any user to an Administrator account if you want.
- From the Family & other users options, select the desired user, then click Change account type.
- Select the desired option from the drop-down list, then click OK. In this example, we'll choose Administrator.
- The user will now have administrative privileges.
Setting parental controls
Account Restrictions Are Preventing This User From Signing In Windows Server 2012
Windows offers a variety of parental controls that can help you monitor your children's activity and protect them from inappropriate content. For example, you can restrictcertain apps and websites or limit the amount of time a user can spend on the computer. You'll need to add a family account for each user you want to monitor. Each user will also need to have a Microsoft account; you cannot enable parental controls on a local account.
- From the Family & other users options, select Add a family member.
- Select Add a child, enter the new user's email address, then click Next.
- The new member will then need to confirm the addition to your family group from his or her inbox.
- Once this is done, select Manage family settings online.
- A page will open in a new browser window. From here, select the desired user to set parental controls.
Click the buttons in the interactive below to learn more about setting parental controls:
Screen time
From here, you can limit the amount of time a child can spend on the computer.
Apps & games
From here, you can set general restrictions and age limits for apps and games downloaded from the Windows store.
Web browsing
From here, you can enable web browsing preferences. For example, you can choose to block inappropriate websites by default. You can also approve certain sites so they won't be blocked by the filter.
Account Restrictions Are Preventing This User From Signing In Windows 10 Share
Recent Activity
Account Restrictions Are Preventing This User From Signing In Run As Different User
From here, you'll see a general summary of a child's activity, like the websites visited and the total amount of time spent on the computer.
Account Restrictions Are Preventing This User From Signing In. For Example
/en/windows10/security-and-maintenance/content/