Swif’s User Authorization Policy for Windows enables IT admins to control whether users on managed devices can modify their passwords locally. This is especially useful in environments where you want to lock down password changes for standard (non-admin) accounts.
1. What Does the Policy Do?
Allow Passcode Modification:
If Enabled, standard Windows user accounts are allowed to change their own passwords on the local machine.
If Disabled, standard Windows user accounts cannot perform local password changes.
This setting does not affect administrator accounts on Windows (admins can always change passwords).
Minimum Requirements
Operating System: Windows 10 or later
Swif Agent: Must be installed and up-to-date on the target device.
2. Creating or Editing the User Authorization Policy
Go to Policies
In the Swif Admin Console, click Device Management → Policy.
Create New or Edit Existing
Click Create New Policy (or edit an existing one) and select User Authorization Policy.
Name and Describe
Provide a Policy Name and (optional) Policy Description to clarify its purpose (e.g., “Prevent standard users from changing passwords”).
Configure Settings
Allow Passcode Modification: Check (enable) or uncheck (disable) this option depending on whether you want standard users to change passwords.
Click Continue
After configuring, click Continue to assign the policy to your devices.
3. Applying the Policy to Devices
Select Devices or Device Groups
Choose which Windows 10+ devices or device groups should enforce this policy.
Review and Save
Verify your settings in the Review step.
Click Save (or Finish) to apply the policy. Swif will push it to the selected devices upon their next check-in.
4. Verifying the Policy
On a Standard User Account:
Try to change the local Windows password via Settings → Accounts → Sign-in options.
If Allow Passcode Modification is enabled, the user can complete the password change.
If disabled, the user should see an error or be unable to change the password.
On an Administrator Account:
The policy doesn’t restrict admin users, so an admin account can still change its own password.
5. Troubleshooting & Tips
Ensure Devices Are Online: The policy applies at next check-in. Confirm devices have internet access and the latest Swif Agent.
Limitations: This policy only affects standard accounts on Windows. It won’t prevent domain-based password changes in an Active Directory environment—those are governed by domain policies.
Audit & Reporting: Use Swif’s dashboards or logs to confirm that the device successfully applied the policy.
6. Frequently Asked Questions
Q: Does this policy prevent domain password changes for Active Directory users?
A: No, the policy controls local Windows password changes for standard users. Domain password changes are still handled by domain policies.
Q: Will administrators be restricted from changing passwords if I disable “Allow Passcode Modification”?
A: No, admin accounts remain unaffected by this setting.
That’s it! By utilizing the User Authorization Policy for Windows in Swif, you can easily prevent (or allow) local password changes by standard users on the device, increasing security and compliance in your organization. If you have further questions, contact Swif Support.