The Complete Guide to Computer Security & Password Management

Reset forgotten passwords · Recover BitLocker keys · Block ransomware · Manage stored credentials · Lock down Windows privacy

🚨  Security or password emergency right now? Jump to the Quick Finder table below. Whether you are locked out of Windows, stuck in a BitLocker recovery loop, hit by ransomware, or trying to find passwords saved on a PC you can no longer access — find your exact symptom and go directly to the fix.

Introduction

Password security and computer protection are the two areas where mistakes hurt fastest. A forgotten Windows administrator password locks you out of your own machine. A BitLocker recovery loop can leave a perfectly working PC unbootable. A single click on a malicious email attachment can encrypt every file on your hard drive. Default Windows 10 privacy settings quietly upload your activity history, voice recordings, and diagnostic data to Microsoft’s servers. And if you do not know where Windows actually stores passwords, you cannot recover them when something goes wrong.

This pillar post is the definitive starting point on this site for everything related to security and password management. It covers all 14 guides in this cluster — from the best free security tools and antivirus software to protect your computer, to step-by-step ransomware response and prevention, to locking down Windows 10 privacy settings, to enabling the 10 built-in Windows 10 security features (Windows Defender SmartScreen, Credential Guard, UEFI Secure Boot, ELAM), to uninstalling Symantec Antivirus without the password, to fixing BitLocker that will not turn on with a TPM chip, to recovering BitLocker keys and breaking the recovery loop, to resetting forgotten Windows 7 user and administrator passwords, to resetting Windows 10 passwords, to finding out exactly where Windows stores your passwords (SAM database, Credential Manager, registry locations), to exporting saved passwords from Internet Explorer, to enabling and disabling USB ports via the registry. Each section is written for the user facing the problem today.

📌  Who this guide is for Home users locked out of Windows or hit by ransomware, IT support engineers managing BitLocker and antivirus across corporate fleets, system administrators configuring Windows 10 security features, anyone migrating saved passwords from one browser or PC to another, and users who want to lock down Windows 10 privacy settings to stop telemetry uploads. Covers Windows 7, 8, 10, and 11.

SECTION 1   Why Security and Password Problems Are So Costly

Security failures share a defining characteristic — by the time you notice the symptom, the damage is often already done. A ransomware attack is invisible until the encryption note appears on your screen, by which point every file on your computer is already locked. A weak Windows password is fine until someone tries to brute-force it, and then your entire PC and saved credentials are exposed. A BitLocker recovery loop appears the morning your laptop reboots after a Windows update, and your encrypted drive is suddenly unreadable. Privacy settings that ship turned-on by default in Windows 10 quietly upload your activity history, voice keywords, location data, and diagnostic information to Microsoft’s servers — and most users never realise.

The four foundational principles that prevent the majority of security disasters are: keep antivirus and operating system patches up to date, save and back up BitLocker recovery keys before you ever need them, use a password manager rather than reusing weak passwords, and audit Windows privacy settings on every new install. Every guide in this cluster ties back to one or more of those principles.

The four most common security mistakes that cost users their data

• Saving sensitive files without backups — when ransomware strikes, the only safe option is to wipe and restore from backup. Without a backup, you either pay the ransom (which often does not work) or lose the data permanently.
• Not recording the BitLocker recovery key — Windows can demand the 48-digit recovery password after a routine update, motherboard change, or BIOS reset. Without it, the encrypted drive is permanently inaccessible.
• Reusing the same password across multiple sites — one site breach exposes every account using that password. A password manager (KeePass, Dashlane, LastPass, RoboForm) eliminates this risk.
• Leaving Windows 10 default privacy settings active — activity history, voice activation, microphone keyword listening, location services, app diagnostics and background apps all upload data continuously to Microsoft.

SECTION 2   Quick Finder: Identify Your Problem

Find your exact symptom and jump directly to the right fix.

Your situation right now	Most likely cause	Go to
Computer hit by ransomware — files encrypted	Malicious attachment or social media link clicked	Section 4 — Ransomware Response
Want to install best free antivirus and security tools	No active protection on the PC	Section 3 — Best Security Tools
Want to stop Windows 10 uploading my activity to Microsoft	Default privacy settings are on	Section 5 — Windows 10 Privacy
Want to enable Windows 10 built-in security features	SmartScreen, Credential Guard, ELAM not configured	Section 6 — Windows 10 Security Features
Need to remove Symantec antivirus but do not have password	Symantec Endpoint Protection password protection	Section 7 — Uninstall Symantec
BitLocker will not turn on even with a TPM chip	TPM not enabled in BIOS or UEFI not set	Section 8 — BitLocker TPM Fix
Stuck in a BitLocker recovery loop on Windows 10	Recovery key prompts repeatedly even when correct	Section 9 — BitLocker Recovery Loop
Forgot Windows 7 user account or administrator password	No password reset disk available	Section 10 — Windows 7 Password Reset
Forgot Windows 10 password and locked out	No Microsoft account recovery option	Section 11 — Windows 10 Password Reset
Need to find where Windows stores passwords on PC	Looking for SAM database, Credential Manager	Section 12 — Password Storage
Need to export saved passwords from Internet Explorer	Migrating to new PC or Edge browser	Section 13 — Export IE Passwords
Need to disable USB ports to prevent data theft	Corporate or shared PC needs lockdown	Section 14 — USB Port Control

SECTION 3   Best Free Security Tools and Antivirus Software

A layered approach to computer security combines multiple specialised tools rather than relying on a single antivirus product. The right combination protects against different threat categories: network monitoring catches unusual outbound connections, anti-spyware detects keyloggers and tracking cookies that traditional antivirus misses, and a password manager prevents credential theft from being a catastrophic event. Below are 16 free security tools and 11 free antivirus and anti-spyware applications that protect home and small business computers against viruses, malware, spyware, rootkits, keyloggers, adware, dialers, worms, ransomware, and unauthorised access.

Network and system monitoring

• GlassWire — visual network monitor showing real-time and historical traffic, bandwidth usage, and remote alerts when suspicious activity is detected.
• RogueKiller — scans active processes and terminates suspicious activity to free up memory consumed by background malware.
• Black Belt Privacy — encrypted file transfer for sharing confidential designs and data securely.
• PC On/Off Time — tracks when the computer was switched on, the duration of usage, and when it was turned off. Particularly useful for parental monitoring.
• Kid Logger Pro — invisible web browsing activity logger that runs in the background to monitor children’s online activity.
• Web Watcher — Java-based web page monitoring tool that tracks specified URLs for changes.
• Portable DNS Cache — records DNS cache for analysis. Useful for detecting DNS hijacking.

File and folder protection

• My Lockbox — locks confidential folders with password protection, preventing unauthorised access and editing.
• Burn Protector Enterprise — enforces permissions on multiple computers to keep confidential data protected from unauthorised burning to disc or USB.
• Simple Desktop Lock — locks the Windows desktop to prevent unauthorised access while away from the PC.
• The Web Blocker — proxy utility for blocking specific websites and recording internet history per account.

Password managers — the single most important security tool

• KeePass Password Safe — open source password manager, stores credentials in an encrypted local database, supports browser integration. The most recommended free option for technical users.
• Dashlane — organises credentials within a password-protected interface, with secure sharing features.
• LastPass — stores passwords in one secured location and supports Internet Explorer, Firefox, Chrome, Opera, and Safari.
• RoboForm — stores and manages login information and bookmarks, with browser integration support.
• Password Safe — minimalist password manager for storing complex password combinations.

Free antivirus and anti-spyware

• SUPER AntiSpyware — advanced detection and removal of rogue security products, hijackers, parasites, rootkits, spyware, Trojans, dialers, worms, keyloggers, adware, and other threats. Real-time blocking included. Compatible with all Windows versions including Windows 10 and 11.
• Ad-Aware — combined antivirus and anti-spyware engine providing two-way protection.
• Spybot Search & Destroy — scans for spyware and removes it, with preemptive protection measures and regular signature updates.
• Spyware Terminator — multi-mode malware scanner with PC optimisation and startup item management.
• Avast Antivirus — intuitive scanning with multiple advanced and customisable detection methods.
• Avira Free Antivirus — lightweight anti-malware solution with strong performance benchmarks.
• Bitdefender Free Edition — runs quietly in the system tray with continuous background scanning.

💡  Layered defence is more effective than any single tool No single antivirus catches every threat. Combine a real-time antivirus (Bitdefender or Avast) with a dedicated anti-spyware tool (SUPER AntiSpyware or Spybot) and a password manager (KeePass or Dashlane). This three-tool combination defends against the largest threat surface for less effort than a single paid security suite.

Step-by-step guide:

• →  Best free security tools and antivirus software for home computers  — 16 security tools, 11 antivirus options, layered defence strategy

SECTION 4   How to Handle a Ransomware Alert on Your Computer

A ransomware alert is one of the most stressful things a user can encounter. The screen suddenly displays a warning that all files have been encrypted and a payment is required to recover them. Before that note appears, the malware has already silently encrypted documents, photos, spreadsheets, and any connected network shares. The crucial first decisions in the next 60 seconds determine whether you recover quickly or lose data permanently.

How ransomware reaches your computer

Ransomware most commonly arrives through three vectors: spoofed emails containing malicious attachments that the user opens, social media posts and direct messages with links that trigger malware downloads when clicked, and infected legitimate websites that exploit unpatched browser plugins (Java, Adobe Flash, etc.) to install malware silently. The deception relies on social engineering — convincing users to click something that looks legitimate.

The 60-second response if you see a ransomware alert

1. Disconnect the network cable or turn off Wi-Fi immediately. This stops the ransomware from spreading to network shares and other connected devices.
2. Power off the computer. Do not save files, do not close applications normally — pull the power if necessary.
3. Boot from a clean Windows installation media or rescue disc. Do not boot back into the infected system.
4. Scan attached drives with a clean antivirus from the rescue environment to identify the strain.
5. Restore from your most recent uninfected backup. If you have OneDrive, an external hard drive backup, or a Karen Replicator scheduled backup, this is when it pays off.

Prevention — what to do before ransomware strikes

1. Install antivirus and keep its signature updates applied automatically.
2. Keep Windows, browser plugins (Java, Adobe), and operating system patches current — most ransomware exploits known vulnerabilities that have already been patched.
3. Apply the 3-2-1 backup rule: 3 copies of data, on 2 different media types, with 1 copy off-site or in the cloud. Karen Replicator (free) and OneDrive give you reliable scheduled and cloud backups.
4. Clear browser cookies and cached files regularly — these can store session tokens that malware uses to escalate access.
5. Do not open emails or click links from unrecognised senders. Verify the URL before clicking links inside emails by hovering over them first.
6. Do not give personal information through websites, emails, or SMS messages. Banks and reputable services never ask for credentials this way.

⚠️  Do not pay the ransom Paying does not guarantee recovery — many ransomware operations take the payment and never provide a working decryption key. Paying also funds future attacks and identifies you as a soft target for repeat attempts. Restore from backup instead.

Step-by-step guide:

• →  How to handle a ransomware alert on your computer  — Detection, response, prevention, backup strategy

SECTION 5   How Windows 10 Sneaks Into Your Privacy — and How to Stop It

Windows 10 ships with telemetry features enabled by default that quietly upload data to Microsoft’s servers — typically once a week or fortnightly. The data includes activity history, voice activation logs, diagnostic information, application usage statistics, and location data. Most users have no idea this is happening because the settings are spread across multiple privacy panels and the descriptions are deliberately vague. The good news: every one of these settings can be disabled in under 10 minutes.

Disable Activity History upload

• Go to Settings → Privacy → Activity history.
• Turn off the accounts under “Show activities from these accounts.”
• Untick “Store my activity history on this device.”
• Untick “Send my Activity to Microsoft.”

Disable Diagnostic Data and Tailored Experiences

1. Go to Settings → Privacy → Diagnostics & feedback.
2. Turn off “Tailored experiences.”
3. Turn off “View diagnostic data.”
4. Click “Delete diagnostic data” to remove what has already been uploaded.
5. Change “Feedback frequency” to Never.

Disable Voice Activation Microphone Listening

When voice activation is enabled, the microphone listens continuously for keywords — even when the device is locked. This means your conversations near the PC are being processed in real time. Disable it via Settings → Privacy → Voice activation → turn off “Allow Apps to use Voice activation when this device is locked.”

Disable Inking & Typing Personalisation

Settings → Privacy → Inking & typing personalisation → turn off. This stops Windows from sending your typing patterns and ink strokes to Microsoft for “personalisation.”

Disable General Privacy Settings

• Turn off App diagnostics — prevents apps from accessing system diagnostic data.
• Turn off Background apps — improves system performance and stops apps running in the background.
• Turn off “Allow apps to access your call history.”
• Turn off “Allow apps to access your Account info.”
• Turn off “Allow apps to access your notifications.”
• Turn off “Allow apps to access your location.”

Step-by-step guide:

• →  How Windows 10 sneaks into your privacy — full settings audit  — Activity history, voice activation, microphone, location, diagnostics

SECTION 6   10 Built-In Windows 10 Security Features You Should Enable

Windows 10 version 1703 and later ship with 10 built-in security features that significantly harden the operating system against malware, exploits, and credential theft attacks — but most are not enabled by default. The features were designed to make exploitation extremely difficult: they break the most common attack methods, prevent privilege escalation, and protect the boot process from rootkit infection. For personal use, prioritise enabling Windows Defender SmartScreen, Credential Guard, Microsoft Defender Antivirus, and UEFI Secure Boot. For corporate environments, enable all 10.

The 10 built-in Windows 10 security features

Feature	What it protects against	Priority
Windows Defender SmartScreen	Malicious software downloaded from internet	High — enable for all
Credential Guard	Pass-the-Hash / Pass-the-Ticket attacks	High — credential theft
Enterprise Certificate Pinning	Man-in-the-middle PKI attacks	Medium — corporate
Device Guard	Untrusted applications and malware	High — application control
Microsoft Defender Antivirus	Viruses and malware	High — always on
Untrusted Font Blocking	Malicious font files used for privilege escalation	Medium — corporate
Memory Protection	Memory manipulation by malware	High — built-in
UEFI Secure Boot	Bootkits and rootkits at boot time	High — enable in BIOS
Early Launch AntiMalware (ELAM)	Driver-based rootkits	High — automatic
Device Health Attestation	Verifies devices joining a corporate network	Medium — corporate

How to enable Windows Defender SmartScreen

1. In the search bar, type “Windows Security” and open the app.
2. Select App & browser control → Reputation-based protection settings.
3. Turn ON Check apps and files — warns when downloading potentially dangerous apps.
4. Turn ON Microsoft Defender SmartScreen for Microsoft Edge — warns when downloading files in Edge.
5. Turn ON Potentially unwanted app blocking — blocks PUA downloads in Edge.
6. Turn ON SmartScreen for Microsoft Store apps — warns about potentially dangerous Store apps.

How to verify Credential Guard is active

Credential Guard isolates credentials from the rest of the OS using virtualisation-based security, preventing Pass-the-Hash and Pass-the-Ticket attacks that have historically been very effective against Windows networks. Verify it is running by opening msinfo32 and checking “Virtualization-based security” — should report “Running” with services list including “Credential Guard.”

Step-by-step guide:

• →  10 built-in Windows 10 security features that protect against any threats  — SmartScreen, Credential Guard, ELAM, UEFI Secure Boot, Device Guard

SECTION 7   How to Uninstall Symantec Antivirus Without a Password

Symantec Endpoint Protection (formerly Symantec Antivirus) prompts for a password when uninstalling. The default password is “symantec” — but if your IT department changed it, the standard install/remove method fails. Removing manually risks corrupting the operating system because Symantec’s registry entries, services, and DLLs are deeply embedded across the system. The safe way is to disable the password protection in the registry first, then uninstall normally through Add/Remove Programs.

Step-by-step uninstall without password

Important: back up the registry before making any changes. Open Registry Editor and export the entire registry to a .reg file you can re-import if anything goes wrong.

• Click Start → type regedit → press Enter.
• Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
• Look for the values smcexit or smcexit-test → right-click each → Delete.
• In the same key, look for smcinstdata → right-click → Delete.
• Close Registry Editor.
• Go to Control Panel → Programs and Features → Add/Remove Programs.
• Select Symantec Antivirus / Symantec Endpoint Protection → click Uninstall. The password prompt is now bypassed.

How to remove Symantec antivirus plug-in from Outlook 2010

Recent Symantec versions install an Outlook plug-in (LDVP) that scans incoming email and attachments. This plug-in can degrade Outlook performance significantly or cause Outlook errors on launch. To remove just the plug-in without uninstalling the full antivirus:

• In Outlook → File → Options.
• Click Add-ins on the left side.
• In the Manage drop-down at the bottom, select COM Add-ins → click Go.
• Untick the box next to Symantec Antivirus or LDVP.
• Click OK and restart Outlook.

Step-by-step guide:

• →  How to uninstall Symantec antivirus without password  — Registry edit, smcexit and smcinstdata removal, Outlook plug-in removal

SECTION 8   BitLocker Will Not Turn On Even With a TPM Chip

BitLocker drive encryption is one of Windows 10’s strongest built-in security features — but it requires a TPM (Trusted Platform Module) chip and a specific BIOS/UEFI configuration. A common scenario when migrating from Windows 7 to Windows 10 Enterprise on Dell laptops: the laptop has a TPM chip on the motherboard, Windows 10 detects it, but BitLocker refuses to turn on with an error like “This device cannot use a Trusted Platform Module.”

Why BitLocker fails to turn on with a TPM chip present

• BIOS boot mode is set to Legacy instead of UEFI — BitLocker requires UEFI boot mode.
• Windows is 32-bit instead of 64-bit — BitLocker requires a 64-bit OS.
• Device Manager → Security Devices does not show “Trusted Platform Module 2.0” — TPM is not enabled in BIOS even though the chip is physically present.
• TPM.MSC console reports TPM is not ready to use.
• TPM firmware is out of date and needs an update from the manufacturer.

Step-by-step fix

• Reboot and enter BIOS. Set boot mode to UEFI (typically under Boot Sequence or Boot Mode).
• Confirm Windows is 64-bit (System → About).
• In BIOS, navigate to Security → TPM 2.0 Security. If this option is missing, the computer does not have a TPM chip.
• Tick: TPM ON, PPI Bypass Enable Commands, SHA-256, Attestation Enable, Key Storage Enable, Enable.
• Save BIOS changes and reboot into Windows.
• Open Device Manager → expand Security Devices → confirm “Trusted Platform Module 2.0” appears.
• Type “TPM.MSC” in the search bar to open the TPM Management console. Confirm status reads “TPM is ready to use.”
• If TPM 2.0 still does not appear in Device Manager, return to BIOS → Security → TPM 2.0 Security → tick “Clear” → save and reboot. This clears any old TPM ownership state.
• If issues persist, download the latest TPM firmware from the laptop manufacturer’s site (Dell, HP, Lenovo) and install it.

Step-by-step guide:

• →  Why BitLocker does not turn on even with TPM chip  — UEFI boot mode, TPM 2.0 BIOS settings, firmware update, Dell-specific

SECTION 9   Recover BitLocker Keys and Break the Recovery Loop

A BitLocker recovery loop is one of the most alarming experiences a Windows user can have. The PC suddenly demands the 48-digit recovery password every time it boots — even if you enter the correct key, it just prompts again on the next boot. The cause is usually a sudden system crash, motherboard hardware change, BIOS update, or a Windows update that triggered BitLocker’s self-protection mechanism. There are two scenarios: you have the recovery key but the loop persists, or you have lost the key and need to recover it from your Microsoft account.

Scenario 1: You have the BitLocker recovery key but the loop continues

Use the manage-bde command to suspend BitLocker protection so Windows can boot:

• When the BitLocker recovery key prompt appears, skip to “Choose a different option.”
• Select Troubleshoot → Advanced options → Command Prompt.
• In the command prompt, unlock the drive:

manage-bde.exe -unlock C: -rp <YOUR-48-DIGIT-RECOVERY-KEY>

• Suspend BitLocker protection on the OS drive:

manage-bde.exe -protectors -disable C:

• Exit the command prompt and continue to boot into Windows.

Scenario 2: You lost the BitLocker recovery key — recover from Microsoft account

If you signed into Windows with a Microsoft account when BitLocker was first enabled, the recovery key is stored in your Microsoft account online — even if you do not have it written down or saved on a USB drive. This is the only way to recover the key for a standalone PC where the key was not manually exported.

• On a different working device, go to: account.microsoft.com/devices/recoverykey
• Sign in with the Microsoft account associated with the locked PC.
• All BitLocker recovery keys associated with your devices are listed.
• Type the matching key into the BitLocker recovery prompt on the locked PC.
• Once Windows boots, write the key down somewhere safe and consider generating a new key.

⚠️  Without a recovery key and no Microsoft account backup, the data is unrecoverable BitLocker is a one-way encryption — there is no backdoor. If you used a local Windows account when enabling BitLocker and did not export the recovery key, the data on the drive is permanently inaccessible. This is a critical reason to always sign into a Microsoft account before enabling BitLocker.

Step-by-step guide:

• →  How to recover BitLocker keys and break the recovery loop  — manage-bde commands, Microsoft account recovery key portal, suspend protection

SECTION 10   Reset Forgotten Windows 7 User & Administrator Passwords

Forgetting the Windows 7 administrator password locks you out of every administrative function on the PC — installing software, changing system settings, accessing other user accounts. There are two reliable methods to reset it: the Trinity Rescue Kit Linux boot disc, or the Sticky Keys / Magnifier registry trick using an Ubuntu live USB. Both work on Windows 7 (Home, Professional, Enterprise, Ultimate, Starter) and the second method also works on Windows 8 and Windows XP.

Method 1: Trinity Rescue Kit

Trinity Rescue Kit 3.3 is a free Linux-based bootable tool that can reset passwords on Windows XP, Vista, and 7. Download the ISO, burn it to a CD/DVD or use UNetbootin to create a bootable USB. Boot the locked PC from the Trinity disc, follow the menu prompts to select the Windows partition and the user account, and reset the password.

Method 2: Magnifier / Sticky Keys trick (advanced)

This method swaps the Windows accessibility tool with the command prompt, giving you administrator-level access at the login screen. It works because Magnifier.exe runs as SYSTEM before login.

• Download LinuxLive USB Creator and Ubuntu OS ISO. Create a bootable Ubuntu USB.
• Boot the locked PC from the Ubuntu USB → select “Try Ubuntu” (do not install).
• Open the file manager → navigate to the Windows partition → C:\Windows\System32.
• Locate cmd.exe → rename to cmd1.exe.
• Locate Magnify.exe → rename to cmd.exe.
• Rename cmd1.exe to Magnify.exe (this swaps the two executables).
• Reboot, remove the USB, and let Windows 7 boot normally.
• At the Windows login screen, click the Ease of Access icon (bottom-left) → tick “Make items on the screen larger (Magnifier)” → click Apply.
• A command prompt opens with SYSTEM privileges. Type:

net user

to list user accounts. Then reset the administrator password:

net user administrator NewPassword@123

• Close the command prompt and log in with the new password.

If the Administrator account is locked or disabled

After multiple failed login attempts, Windows may disable the Administrator account. Re-enable it from the same elevated command prompt:

net user Administrator /active:yes

Step-by-step guides:

• →  How to reset user account password in Windows 7  — Trinity Rescue Kit method, bootable USB creation
• →  Forgot administrator password Windows 7 — solved  — Ubuntu live USB, Magnifier swap trick, net user commands

SECTION 11   How to Reset a Forgotten Windows 10 Password

Resetting a Windows 10 password is more involved than Windows 7 because Microsoft changed the recovery flow significantly. The approach depends on whether you used a Microsoft account or a local account when setting up Windows. The Magnifier swap method from the Windows 7 guide also works on Windows 10, with one caveat: Windows 10 Defender SmartScreen may flag the modified Magnifier.exe and prevent it from running. The bootable password reset disk method is more reliable on Windows 10.

Three methods that work on Windows 10

• Microsoft account password reset — if you signed in with a Microsoft account, reset the password online at account.live.com/password/reset and Windows will accept the new password on next sign-in.
• Password reset disk — if you created a Windows 10 password reset disk in advance (USB drive), use it from the login screen → Reset password link.
• Bootable USB with Lazesoft, Ophcrack, or PCUnlocker — these tools boot the PC, locate the SAM database, and reset password hashes for any local account. Free and paid options exist.

Strong password recommendations

After resetting, set a password that is hard to brute-force but easy for you to remember. Microsoft offers a free Advanced Password Generator app in the Microsoft Store that creates strong passwords meeting most enterprise complexity requirements. A good password is at least 12 characters with mixed case, numbers, and symbols — and is unique per account. Use a password manager (KeePass, Dashlane, LastPass) so you do not have to remember dozens of unique passwords.

Step-by-step guide:

• →  How to reset Windows 10 password  — Microsoft account reset, password reset disk, bootable USB tools

SECTION 12   Where Windows Stores Your Passwords (SAM, Credential Manager, Registry)

Understanding where Windows stores passwords is critical for both recovery and security. When you log into a Windows computer, your typed credentials are validated against the Security Accounts Manager (SAM) database stored locally on the machine. The Winlogon.exe process manages secure user interactions and passes credentials through Secur32.dll to the Local Security Authority (LSA) for validation. Knowing the storage locations is what makes recovery tools possible — and what makes proper security configuration essential.

Windows password storage locations

Storage location	What it contains
SAM database	All local user accounts and their hashed passwords (Windows authentication core)
HKEY_LOCAL_MACHINE\SECURITY	Local security information and policy data
Credential Manager (Windows Credentials)	Saved Windows login credentials for network shares and remote PCs
Credential Manager (Web Credentials)	Saved website login credentials accessed via Internet Explorer or Edge legacy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces	Wi-Fi network passwords stored in registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	DefaultPassword (auto-login password if configured)
HKEY_LOCAL_MACHINE\SECURITY\cache	Cached domain credentials for offline domain login
Chrome saved passwords	chrome://settings/passwords (Chrome stores in Google account)

How to view your saved Windows credentials

• Open Control Panel.
• Navigate to: Control Panel → All Control Panel Items → Credential Manager.
• You see two sections: Web Credentials (saved website logins) and Windows Credentials (saved network/share logins).
• Click any entry → click Show to view the password (requires confirming your Windows password).

Cached domain credentials — how offline domain login works

When you log into a domain-joined computer, your credentials are validated by a domain controller. If the domain controller is unreachable (you are off the corporate network, or the server is down), Windows uses cached credentials stored locally to validate your login. These cached credentials are stored in HKEY_LOCAL_MACHINE\SECURITY\cache. By default, Windows caches the last 10 successful domain logins.

Credential Guard — how Windows 10 protects credentials

Credential Guard, introduced in Windows 10 Enterprise, isolates the LSA process in a virtualised secure container. This prevents Pass-the-Hash and Pass-the-Ticket attacks that were historically effective at extracting credentials from memory. Verify Credential Guard is running by opening msinfo32 → System Summary → check “Virtualization-based security” reports “Running” with “Credential Guard” listed in the services list.

Step-by-step guide:

• →  Where Windows stores passwords on PC  — SAM database, Credential Manager, registry locations, Wi-Fi passwords

SECTION 13   Export Saved Passwords from Internet Explorer

Migrating saved passwords from Internet Explorer to a new computer or to Microsoft Edge has been frustrating because Microsoft never provided a built-in export tool — and many third-party utilities (VaultPasswordView, IE PassView) either do not work on Windows 10 and 11 or come bundled with malware. The solution is to use the Microsoft Edge browser sync feature, which migrates Internet Explorer’s saved web credentials transparently and then provides a proper CSV export option.

The working method — sync via Microsoft Edge

• Download and install Microsoft Edge from the official Microsoft site. Run the installer.
• When Edge launches the welcome screen, click Get Started.
• On the screen titled “See your favorites, passwords, history and more on any device” — toggle the Sync switch to ON (turns blue, says Yes). This step is critical — if you skip it, the IE passwords will not migrate.
• Sign in with your Microsoft account (or create one at outlook.com if you do not have one).
• Edge synchronises favorites, passwords, and history from Internet Explorer’s Credential Manager → Web Credentials store. This may take a few minutes the first time.

Export from Edge to CSV

• In Edge, go to: edge://settings/passwords
• Click the three dots (⋯) next to “Saved passwords.”
• Click Export passwords. Confirm the prompt by entering your Windows password.
• Save the CSV file. This is your portable password backup that can be imported into any other browser or password manager.

⚠️  Do not edit the registry or GPO settings to fix sync issues Other tutorials suggest registry tweaks or Group Policy changes to fix Sync issues — these can corrupt your Windows installation and force a system reset. The Edge sync method above is the only safe fix.

Step-by-step guide:

• →  How to export saved passwords from Internet Explorer in Windows 10  — Microsoft Edge sync, browser profile, CSV export

SECTION 14   Enable or Disable USB Ports in Windows (Registry)

Disabling USB ports is a common requirement in corporate environments to prevent data theft via USB drives, infection from infected USB devices, and unauthorised data transfer. The Windows registry contains a single value that controls whether USB storage devices are enabled — changing it disables all USB drives without affecting USB keyboards, mice, or other peripherals (which use different drivers).

How to disable USB storage devices

• Click Start → Run → type regedit → press Enter.
• Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
• In the right pane, double-click “Start.”
• Set Value data to 4. Confirm Hexadecimal is selected. Click OK.
• Close Registry Editor. USB storage devices will be blocked on next reboot.

How to re-enable USB storage devices

• Open Registry Editor → navigate to the same key.
• Double-click “Start.”
• Set Value data to 3 (the Windows default for enabled USB storage). Click OK.
• Close Registry Editor. USB drives will work again on next reboot.

Important — what this does and does not block

• Blocks: USB flash drives, USB hard drives, USB SSDs, USB card readers, USB CD/DVD drives.
• Does not block: USB keyboards, USB mice, USB printers, USB scanners, USB webcams, USB headsets — these use different driver classes.
• Does not prevent USB storage from being used at the BIOS/firmware level — for that, you need to disable USB in BIOS, which requires a BIOS password to prevent users from re-enabling.

💡  For corporate fleet management, use Group Policy instead For managing many PCs, Group Policy provides a centralised way to disable USB storage with auditing. Local Computer Policy → Computer Configuration → Administrative Templates → System → Removable Storage Access → “All Removable Storage classes: Deny all access” → Enable.

Step-by-step guide:

• →  How to enable and disable USB ports in Windows  — UsbStor registry key, value 3 enable, value 4 disable

Frequently Asked Questions

Conclusion

Computer security is built on a small number of foundational habits: install antivirus and keep patches current, enable Windows 10’s built-in security features (SmartScreen, Credential Guard, UEFI Secure Boot), use a password manager rather than reusing passwords, back up BitLocker recovery keys to your Microsoft account before you need them, audit Windows 10 privacy settings on every install, and maintain at least one recent offline backup of your data. Each of these takes minutes to set up and prevents the most common categories of security disaster.

The guides in this cluster cover the specific scenarios most users will face — being locked out of a Windows account, encountering a BitLocker recovery loop, dealing with ransomware, migrating saved passwords between browsers, and securing USB ports against data theft. Use the Quick Finder table at the top of this guide to identify your scenario and follow the link to the detailed walkthrough.

🔗  More topic clusters on this site Windows OS Troubleshooting & Performance  |  Data Recovery & Storage Management  | Networking, VPN & Remote Access  |  Security & Password Management  |  Microsoft Office & Productivity Apps

External References

→  Microsoft: Windows Security documentation — official reference

→  CISA: StopRansomware — US government ransomware response guidance