Update-AllUsersQA is a PowerShell script used to change or disable the security questions and answers for local users on a Windows 10 machine.
It is designed to allow admins to control the security questions in the environment and minimize the risk that arises from them.
The concept is covered in our BlackHat 2018 talk "When Everyone's Dog is Named Fluffy: Abusing the Brand New Security Questions in Windows 10 to Gain Domain-Wide Persistence".
Disable security questions on the machine (a user who tries to reset will receive an error alert):
Usage: Update-AllUsersQA
Set all answers to the same value "SecretAnswer" (the user will see a message saying that the feature has been disabled, but it will in fact remain active):
Usage: Update-AllUsersQA -answer SecretAnswer
Screen the user receives after the answers were set to a single value (with the "-answer" parameter provided):
Magal Baz
This project is licensed under the GNU General Public License.
Nikhil "SamratAshok" Mittal
Illusive Networks Research team members:
- Dolev Ben Shushan
- Tom Kahana
- Hadar Yudovich
- Tom Sela
All attempts were made to give credit where credit is due. If you find that we used your code here without giving proper credit, please contact us at mbaz@illusivenetworks.com