In one of our earlier post, we talked about removing Security Questions from Windows. This post offers an alternative way of disabling the same via a PowerShell script. Update-AllUsersQA is a PowerShell script designed to remove or disable the security questions and answers for local users on a Windows 11/10 machine. It lets admins take control of the security questions in the environment and minimize the risk that arises from them.
Disable Security Questions using a PowerShell Script
If a user has his Microsoft Account configured to sign in to Windows 11/10 then, he’ll probably never notice Password Recovery questions. However, if he has chosen a local account for installing Windows, he’ll be prompted to create three security questions. These can be used to reset the password and log into Windows 11/10 account should there be an event of misfortune.
However, if you do not find it of much use, you can disable it via a simple PowerShell script which is available for download on GitHub.
To disable the security questions, simply download the .ps1 file from the GitHub repository and open the PowerShell window with admin rights.
Next, navigate to the folder where .ps1 file is saved – In my case it is the Downloads folder. Copy the folder location address.
In the PowerShell window change the directory by using this command:
cd "folder location address"
Then, enter the following text to disable the recovery questions.
Following this, the security questions feature will be disabled. If you try to set a security question, you will get a message alerting that the feature has been disabled.
To enable it again, you’ll need to run the same script with one more parameter –answer. The syntax is as follows-
Update-AllUsersQA -answer SecretAnswer
Please note that you need to replace SecretAnswer with an answer of your own choice. When done, it will be set as the answer for all questions. After that, you can go to the Settings app to change the answer to the questions.
Security questions don’t come across as a very great feature for account security. This is because they appear too easy to set and too hard to monitor in networks made up of hundreds or thousands of computers. A single person with administrator credentials can remotely enable/disable them on any Windows 10 machine and can go unnoticed. As such, if any unknown person gains unauthorized administrative control, he can use the security questions as a backdoor to gain complete control over the network.