Are you asking how to prevent someone from resetting/removing a password offline?
If you are using local accounts with passwords then your option would be to use full disk encryption. That would prevent offline password attacks.

If you you're using any form of modern authentication (Windows Hello family of authentication methods) then the authentication data is stored in the TPM and not the SAM database.
Top Bottom