How to prevent users from accessing the control panel

While attempting multiple times wrong password is occur problem for you so lets fix it when user try to login own account in windows 10 and if user forgot password then how can i lock user account after trying multiple times wrong password even might be possible some unauthorized person trying to access the accounts. So, here comes with lockout policy where you can safe your users account by administrator.

What is Lockout Policy ? 

A lockout policy in windows is a security features that help protects user accounts from unauthorized access by locking the account after a specific number of failed login attempts. This policy is designed to prevent brute force attacks. Where attackers repeatedly try different passwords to gain access.

Let's Prevent Step by Step  

-- For doing this task you must have a user with administrative rights of administrator account. 

-- Press win + r and type "secpol.msc" windows. Click on "OK".

-- After opening local security policy > go to "account policies" >  "account lockout policy" .

-- then right click on "account lockout threshold" > and go to properties and set "account will lock out after "1"  minute " > then apply / Ok.

-- then same as right click on "account lockout duration" > and go to properties and set "account lockout duration "1"  minute " > then apply / Ok.

-- then same as right click on "reset account lockout counter after" > and go to properties and set "1"  minute " > then apply / Ok.

-- then open cmd prompt and type "gpupdate /force " it will update policy for all user.

-- So you can check after attempting 3 times wrong password user getting pop and saying you account has been locked so wait for some times.

So finally we got it!.

Purpose of the "net_user" cmd in windows ? 

The net_user cmd in windows is used to manage user ccount on a local or remote computer. It allows administrator and users with the necessary privilege to create, modify, delete and view user account and their settings from the cmd prompts.

Disclaimer

How to setup workgroup domain environment in windows 

Environment - It is the set of connection in which we try to perform the task. This help our operating system to work in the surroundings and lets the user do the task. 


By default our operating system works on workgroup.

There are two members of operating system -
1) workgroup 
2) Domain 

Workgroup Enviornment?

A workgroup is a basic network model in windows basic system where computers and connected to peer peer (p2p)  network.

Used in small network (eg home, or small office) where is computer operated independently without a centralised server for management.

Key features 

1) No centralized administrator 

-- Each computer has its own user account and its security setting. 

-- User must manually create accounts on each system they need access to. 


2) Peer to Peer Networking 

-- Computer work group acts as both client and server.

-- File and printer can be shared without dedicated server. 


3) Limited to small network 

-- Suitable for 10 to 20 computers 

-- Does not well scale for large enterprises. 


4) Independent security management 

-- No centralise authentication like active directory 

-- Users must login separately on each machine 


5) Simple set up and maintenance 

-- No need for domain controller on specialised IT staff

-- Cost home networks and small business

Advantages - 

• Simplicity
• No-central server
• Flexiability
• Decentralization
• Easy sharing

Disadvantages

• Scalability Issues
• Security concern
• no central backup
• administrative overhead
• inconsitent settings

 Lets do practical -

Practical on workgroup - we are going to have 2 virutal machine over windows 10 pro OS.

Deploying of Workgroup in that state -

1. On public network (PAN-Private Area Network)
2. Sharing file in public network
3. Establishing private network (offline)
4. Sharing file in  private network

 First we can see that we have two machine like first one is "windows 10 x64" and second one is "clone windows 10 x64"

Both machine are working in work-group : 

Now we will test both machine's IP reachable to each other or not.

NOTE - windows 10 x64 - Denote as an Administrator   

NOTE - clone of windows 10 x64 - Denote as an UserA

-- ipconfig (administrator) IP is 192.168.30.129

-- ipconfig (userA) IP is 192.168.30.131

userA

If we will check administrator's IP is reachable or not - so check it for this cmd ping 192.168.30.129 in userA account But as of now not accessible or request time out.

userA

 same as it If we will check UserA's IP is reachable or not - so check it for this cmd ping 192.168.30.131 in administrator account But as of now not accessible or request time out.

adminstrator

 So why it is coming like that because of internal connectivity is blocking so for this we will fix it by run cmd > win + r > and type "firewall.cpl" and hit enter 

adminstrator

adminstrator

 now  if we will check in userA account with the help of administrator account's IP with this cmd ping 192.168.30.129

userA

Now as it as same disable the firewall in userA account 

now it is working ping request (ping 192.168.30.129) in administrator account. 

administrator

File Sharing  

For file sharing in same network we will create folder first in administrator account > go to file's properties > go to "sharing" > and click on share.. button.

Now add everyone 

 and give permission "Read/Write" 

 click on "share" button 

then check on checkbox folder > then click on permission button  

  then go to advance sharing 

 then allow all permission and check on checkbox > click OK.

 In userA account you can access via win + r run command with the help of administrator account's IP ( //192.168.30.129 ) and hit enter. 

 If you want you can setup this network at one time then whenever you want you can access it like for this > right click on network > map network drive 

then type administrator account's IP (\\192.168.30.129\file-sharing) > finish.

Now you are able to file sharing to each other in same network (but different account like first one is actual windows 10 x64 and second one is clone of windows 10 x64)

NOTE - if in case it will ask for username & password then simple you can provide   

 File Sharing in Private Network 

File sharing in a private network (like a home or office LAN) involves configuring network settings to allow discovery and sharing, then sharing specific folders with defined permissions (Read/Write),  

For this we will go first VMware administrator account' setting . 

then go to network adapter section and set custom : specific virtual network and select vmnet4 > then press OK. 

same as it as we will do in userA VMware's setting.

After completing this setting type win + r and type ncpa.cpl and press OK > then right click on Ethernet0 and go to properties.  

then uncheck the IPv6 box > then check on IP4 checkbox > then double click on IPv4  

 then click on "use the following IP address"  > then type IP like 192.168.1.2 then when click on subnet mask column it will automatically assign subnet mask < OK < OK.

 then if you will check in administrator's IP in cmd prompt (ipconfig). so as you can see here IP is 192.168.1.2

 Now as it as repeat in userA account.

  then if you will check in userA's IP in cmd prompt (ipconfig). so as you can see here IP is 192.168.1.3

Now you can ping request in each account like that below image you can see in administrator account 

Disclaimer

How to create a new user in windows 10

Lets start with types of user account in windows. Here we are write few types of windows account - 

• Administrator
• user_standard / Local / Domain / Microsoft / Network etc
• Guest 

The account we create at the time of installation is called as user with administrative rights.

Administrator Account - The account have the full control over the system, can install / uninstall software, change system setting, manage users and modify security, This account will be used by the individual to manage, monitor and troubleshoot the account.  

Standard User Account (Local User) - This account is having limited permission, allows basic task like running application and changing personal settings ,This cannot install software or change system wide settings. This account is allowed for doing its daily basic task, what it is allowed for  

Guest Account (Deprecated in newer version) - Designed for temporary access with minimal permission.

Local Account - This account which, exist on a specific computer and is not connected to a network domain. This can a administrator or standard user account we also call as a standalone user.

Domain User Account - This is account managed by a domain controller in an active directory environment. This allows users to log in from any computer within the domain using the same credentials. This is generally controlled by IT administrator for security and access management.

How to create a new user in windows 10

 -- Open Run ( windows +R)

-- on the run type "lusrmgr.msc"

-- Right Click on the "Users" > Then click on the option "new user" > After clicking one dialog box will appear where you have to fill the necessary details where you have to fill the necessary details related to user like "Full name", "user name" "Description", "password", "confirm password", you will have the list of options select accordingly" > then click on the bottom "Create"

-- Close that dialog box > logout from the administrative account > try to login with the user that you created.

Disclaimer

How to activate / enable windows administrative account ?

Lets start with types of user account in windows. Here we are write few types of windows account - 

• Administrator
• user_standard / Local / Domain / Microsoft / Network etc
• Guest 

The account we create at the time of installation is called as user with administrative rights.

Administrator Account - The account have the full control over the system, can install / uninstall software, change system setting, manage users and modify security, This account will be used by the individual to manage, monitor and troubleshoot the account.  

Standard User Account (Local User) - This account is having limited permission, allows basic task like running application and changing personal settings ,This cannot install software or change system wide settings. This account is allowed for doing its daily basic task, what it is allowed for  

Guest Account (Deprecated in newer version) - Designed for temporary access with minimal permission.

Local Account - This account which, exist on a specific computer and is not connected to a network domain. This can a administrator or standard user account we also call as a standalone user.

Domain User Account - This is account managed by a domain controller in an active directory environment. This allows users to log in from any computer within the domain using the same credentials. This is generally controlled by IT administrator for security and access management.

How to activate/enable administrator account ? 

-- Press win + r and type  "lusrmgr.msc" without quotes.

-- After open click on "users"

-- Then go to "users" > Right click on "Administrator" > Then click on the option "properties" > uncheck the box > account is disable > Click on apply > then  after "OK".

-- again right click on "Administrator" > Click on the option > set password > one dialog box will appear where you have to type password > new password > confirm password > Then click on "OK" button.

Disclaimer