User Account Management in Windows 10

Introduction

Windows 10 categorizes users into three types, each with a distinct purpose. Let’s explore the Local, Domain, and Microsoft user types. Then we’ll delve into related account management topics like admin versus non-admin accounts, how to configure User Account Control (UAC), single sign-on and domain versus workgroup accounts in Windows 10.

Local user

Local user accounts are old-school and well-known. Only a username of up to 20 characters and a password are needed to set up a Local user. These credentials are stored on the device the account was created and only access that device. 

As of version 1803, users setting up a local user account must select three security questions in case the local user password is lost or forgotten. This type of account is suitable for home users and small companies that do not have a need for a domain.

Domain user

Domain user accounts refer to user accounts connected to an enterprise network, with a Windows server as a domain controller. This type of user account requires an Active Directory account and a username and password. 

These credentials can sign in with the following formats: domainusername and username@domain. The “@domain” option is only available to domains with a fully qualified domain name. Prior to joining a Windows 10 system to a domain, a local account must be created on the Windows 10 system.

Administrator versus non-administrator accounts in Windows 10

Windows 10 further splits users into two subtypes: administrator and non-administrator (standard). Administrator accounts grant users control over the entire system, including permission to take action that may affect other users. Administrator actions include installing software, changing local policy and running elevated tasks.

Non-administrator accounts have restricted privileges. They can work with applications but can’t install new ones, and the changes they make only (Read more...)