Make Redmond angry by setting up Windows 11 with a local account Redmond really – and I mean really – wants you to log into Windows 11 with a Microsoft account. If you're setting up your own computer, rather than using a centrally managed one, Windows 11 assumes you have and want to associate the PC with a Microsoft account during installation. That's a problem if you place a higher premium …
This goes beyond "dark patterns" and into the realms of "what do you mean you couldn't find the Local User option, it was in a filing cabinet in a disused lavatory cubicle behind a locked door with a sign saying Beware Of The Leopard..."
Anyway, thank you for a useful article. The necessary incantations change every few months, as Microsoft slowly boil the Windows 11 userbase frog and make it more and more difficult to avoid using a Microsoft account.
You might also mention that not entering a password during setup is a handy way to dodge the "3 security questions" rigmarole. The article alludes to it but presents it as a Bad Thing. Personally I use a password manager and don't need "security questions" - so I leave the password blank during Setup, and set it after installation.
NOBODY ever remembers the answers to those stupid "security questions" so bypassing them is ALWAYS a good thing.
And I've always set up Windoze without a password and set it later, easier to deal with during that initial setup when it's rebooting all the time.
Don't know why you were downvoted, I also use Keepass to generate random answers to these questions. The one time I was asked one of those answers on the phone, I had much fun dictating a 20-char string of gibberish as my mother's maiden name and having it confirmed as correct.
> NOBODY ever remembers the answers to those stupid "security questions" so bypassing them is ALWAYS a good thing.
Why not answer the question with the question information itself?
For example:
Q: "What is the name of your first pet?"
A: "First pet".
Exactly, it's additional attack surface.
Role-playing an attacker: "I've tried obvious password guesses like Passw0rd!, and those don't get me in, they've obviously taken advice and chosen a strong password, let's try guessing answers to security questions instead. Was my first pet called Spot?"
Not only does more attack surface mean more vulnerabilities, why try to batter the door down if the window is open?
(The obvious answer here is not to have windows; or Windows, for that matter, see what I did there?)
Went into the Microsoft place in Regent Street before it shut for good (earlier in the year) as I was waiting for someone working nearby. Inside there was someone at or approaching OAP (Senior) age, asking how they could set up their PC without an account. Staff were doing their best to explain the supposed benefits of an account but this wasn’t workidng. He couldn’t have cared less about the benefits and told them so. All he wanted to know was how to do it, everything else was irrelevant. Eventually he said that he wasn’t sure there was any point in continuing the conversation as they obviously hadn’t understood the question or didn’t know the answer.
V.Good article by the way.
Some org that I needed to sign into required three questions and answers.
I made them as revolting and profane as I could at the time, prob could do better now, we're always learning and growing.
Important part is that those provoked comment from a phone agent, which means they *can* and likely *will* use them for whatever purposes, possibly to include profile-building.
Good of you to provide a decent guide, but whew - this has reached the point that running windows on a computer is an exhausting, miserable endeavour that requires extensive preparation and planning.
Very much a last-ditch effort, once every other *possible* option has been ruled out.
They can make manual installation a pain in the ass because they know only a couple percent of the overall Windows userbase will ever do it. Almost everyone buys a PC with Windows preinstalled or is provided one that's preinstalled/preconfigured at work.
Making it a pain is a feature for their OEMs because they don't want it to be easy for people to wipe/reinstall their Dell PC without the bloatware Dell adds and the third party bloatware Dell is paid to add. OEMs further discourage that by offering the "recovery partition" which installs the same crappy bloatware laden vendor version, and even though it is technically illegal they make it really hard to get support for it if you aren't using their preinstalled support tools.
If all PCs were sold without an OS and Windows and Linux competed to win customers who had to do from scratch installs Microsoft would be incentivized to make it as simple as possible.
I used it long after it's heyday, but even I finally gave up in the late 2010s after changes of ownership, increasing tolerance of trolls and the general tone going downhill.
Slashdot has probably grown smaller, but the Internet in general is much bigger than 20+ years ago and used to dealing with that level of traffic.
Last time I tried posting to Slashdot, Anonymous comments were disabled (understandably, given the horrendous trolling problems that site's seen), and the "create new account" process was disabled too.
I get the impression it's just home to a dwindling number of older accounts now.
> "the "create new account" process was disabled too"
I just had a look. Technically, you can still sign up, but to all intents and purposes... you're correct.
I clicked the "sign up" link. I was taken to a page with nothing but the Slashdot logo and some completely plain text (two lines of HTML!) saying "New user registration is now approved by Slashdot administrators. Please contact feedback@slashdot.org ["mailto" link] and let us know why you are interested in registering, and what you can add to the discussion."
Seriously? Having to await approval after signup isn't that weird. What *is* weird is being expected to do so in the first place by emailing the admins, the sort of thing you might have seen thirty years ago in the early days of the web when it was small and informal (and I don't recall it being that common then). Not even a plain form or any sort of guidance, it smacks of them *not* wanting new users. I can't see your average Gen Z-er even bothering.
I could have understood that if it was the short-term emergency measure it smacks of being. But it's been like that since August 2023- i.e. two years ago!!!
No idea what's going on there, but any site that does something like that *is* dying.
Some years back when Microsoft opened up outlook,com as an email service, I rushed to get my preferred user name @outlook.com.
So, for the Windows 11 installs that I've done, I've always just taken the easy way. I go ahead and complete the OS installation with that outlook.com address. Then, when the system finally opens up to the desktop, the first thing I do is create my preferred local user, administrator account. I sign out of the Microsoft account, sign into my local user, and proceed from there with data and application installation. There is no reason to ever sign back into Windows with the Microsoft account.
Within my local user account, traces of that Microsoft account still linger ghostlike. When I'm in (classic) Outlook creating my email accounts, the outlook.com email account goes right through without re-entering the password. Ditto for installing the Office 2021 suite linked to a Microsoft account (once installed, I sign out of the account within Office to avoid undue cloud entanglement).
Is this approach too easy? Does it entail too much Microsoft involvement for purists?
Following the above procedure still leave M$ with access information to your PC. They can still use the Microsoft Account to connect to your PC as an administrator. The missing step that needs to be added - log in using your new local account and delete the Microsoft Account.
Couple of possible "solutions". Why use Bitlocker on a personal computer in the first place. If you do enable it, make a copy of the recovery key at the time of setting it up. And if you are re-installing, why do you need access to the bitlockered partition anyway? If you've reached the point of re-installing, mostly you are wiping it anyway and the current bitlocker key becomes irrelevant. Or have I missed something?
Microsoft accesses the system at system user level via the various ports it has open to it: windows update, defender, etc.
Remember Kaspersky demonstrated how their cloud antivirus could upload any files investigators at their cloud operations centre specified. So that makes the Defender port particularly attractive, as its actions are invisible to all other users.
Windows 10 also did this but if you hit the "NO" button [or whatever it is] and confirm 3 or 4 times you can get past the "Strong-Arming".
Looks like 11 is WORSE. Since I'll NEVER use "[b]One[d]" drive, "The Store", or allow Micros~1 to know what and when I'm doing "whatever", it is becoming even MORE imperative to use "local only".
I recently started working on a project that requires control software to run on a Windows 11 touch screen as well as Linux. It was sent to me pre-config'd with a local user that has no password. It's the same user on all of them, apparently. My guess is someone went through the trouble of making such an image, then 'ghosted' it, and cloned it on multiple touch screen computers, altering licensing as needed...
If you use a smartphone Apple or Google know all about you. Why is it any different that Microsoft does? Its the price of living in the modern world. I have a friend who doesn't use any of the stuff, has no access to the internet. Its an interesting but inconvenient life he leads.
I guess its different because it wasn't always the case. Back in the days of Windows 7 and earlier there was no telemetry or requirements for online accounts etc. But since these versions were EOL'd and Microsoft required you to update to the latest version if you wanted to carry on using Windows, then you were forced to have to deal with telemetry with no easy way to switch it off.
Android has always been Googles spyware from day one, ditto for Apple with iOS. But other phone platforms did and do exist that weren't spying on you, such as Blackberry OS and numerous Linux based phone OS, some of which are still around today if you don't care about the lack of apps but would rather not be spied on by tech companies.
If you're installing Windows 11 Pro, you don't even need to jump through a bunch of hoops.
When prompted to set up for "personal use" or "work or school" use, simply choose "work or school", then "Sign-in options", then "Domain join". You don't have to actually join a domain; it will let you set up a local account at that point.
But I agree, none of these workarounds should be necessary if Microsoft wasn't so disconnected from their user's needs.
Unfair to farmers. Farmers really value their cows, and take great care to look after them well for the long term. An unhealthy (AKA unhappy) cow does not produce nearly as much milk as a happy one. Strangely, a dead one produces no milk at all, today or tomorrow.
M$ would far rather kill the cow to get more milk today, than moderate their behaviour in order to get a little milk every day for years to come. I suspect their long term position is now well past recovery. However, I don't see their decline and demise as a cause for concern, and I don't propose to worry about it. (P.S. I no longer hold any M$ stock....)
I'm not sure this is 100% true with the latest version of Windows 11 Pro. I distinctly remember installing this on a laptop and wanting to create a local account but I couldn't without using one of the workarounds listed in the article. What you mentioned wasn't available.
Is it possible that your method works on an older installation of Windows 11 Pro which would then get upgraded/updated post-install?
Just tried on a fresh 24H2 iso downloaded from here, with internet access...
1. Set up for work or school
2. 'Sign in options' below the email address box
3. Domain Join Instead...
(Yup, my work today is so boring that this was more interesting. ;) )
I went with Bazzite on my gaming desktop and QubesOS on my laptop that I travel with for work.
Have to say, after a few weeks with Bazzite it is my current favorite Linux distro for gaming and light work (QubesOS is my main work machine to keep things secure)
It is more "basic" feeling than other the other Linux distros I have used in the past but that is fine for a gaming, light work machine. This may be what the family gets installed in a couple months.
I still haven't wiped my Windows 10 partition just in case though :)
I had to create a fake personal MS account because there's no other way to make a backup of MS Authenticator 2FA codes - you need a personal MS account to do it. For a business tool.
Maybe I ought to shop them to the Privacy Commissioner.
Backing up a lot of these main stream authenticator apps is the same; you need to have a Google account, or an MS account, etc. And as for switching between iOS and Android ecosystems - painful.
KeePassXC is the shining light, and a few other compatible apps such as KeePassium on iOS. With careful selections such as these one can readily backup one's own stuff to any platform (cloud, NAS or device / PC / Mac) one wishes.
True but you're still at risk of bait and switch. In the past I've paid for a couple of Apple Mac/iOS apps because they stored data in iCloud only for a later version to ditch iCloud and force users who wanted to synch across devices to pay for their proprietary cloud.
Synology currently working well as a personal all-mine "cloud". Admittedly it's not "real" IT, but it's admirable how easily accessible that ecosystem is. It's pretty easy for the non-tech users to go independent of any third-party cloud storage.
If your Microsoft corporate login requires the Microsoft app - it goes beyond the regular 2FA.
Windows gives you a 2 digit number to enter in the app and it gives you the reply, and checks your location
I was using a regular Aegis 2FA + selecting "I can't use my app right now, enter verification code" but IT have cracked down on me
For me, corp = their problem, not mine! If they want to provide me a 2FA system and then not provision a backup, they're going to have to accept that some users are going to spend time offline due to circs beyond their control.
"Windows gives you a 2 digit number to enter in the app and it gives you the reply, and checks your location"
Does it? I wonder what MS Authenticator does with the location data check and how it uses that to decide if something is suspicious. My phone shows me as being at the other end of the country from the InTune login records which show me as being at our southern based HQ as far as the PC is concerned. Mostly, I need to authenticate multiple times during the day as I log in and out of various systems and depending on where in the building I am, my phone may connect of the WiFi and appear to be at HQ or it may use mobile data and appear 400 or so miles north of there at my actual physical location.
It's MS Entra (the artist formerly known as Active Directory) which would pick up discrepancies in location. It does that in two different ways:
1 - dual logon from different locations - possible if users have a phone (so 4G path) and WFH locations but there's a max delta
2 - 'impossible travel' - logins from so different locations that you could not have travelled that distance. Also trips alerts when people are messing around with VPNs (usually on BYOD phones).
You can set conditions for this - in our case it forces re-authentication and an alert to the security admin, because you could be dealing with a stolen browser auth token because someone clicked on a phishing link. Both at the same time gets the user booted off the network and the account locked. In general that means the endpoint in question will no longer be trusted (read: we give the user another laptop and stick the old one in the pool for re-imaging - user defaults are set to avoid local storage - just in case it picked up a zero day nasty). Brutal, but it works, and we catch enough phishing via breached supplier accounts to have both C level and user support for it (partly because news of a forced disconnect tends to travel around quite quickly).
Google Authenticator now has an option "Export codes" which lets you export one or more TOTP seeds as a single monster QR code. You just need to scan this into some other device (even just take a photo of it)
I see this s**t from M$ about every four years......when I usually buy a new laptop.
My procedure is much simpler:
(1) Download the latest Fedora/XFCE ISO.
(2) Burn to a USB thumb drive
(3) Insert thumb drive into new laptop
(4) Boot from USB
(5) Configure laptop (with the whole hard drive assigned to Fedora)
There!! Microsoft completely removed!!
I am.
Borkzilla is making Windows more shitty with every update and I'm fed up with that. But, until I retire, I'm stuck with it because all my customers use Windows. And gaming is still easier on a Windows platform. I am under no illusion that Windows is superior. It's a pile of dogfood laying on a pile of shit.
But seeing those holier-than-thou comments from people who are not concerned is starting to grate on me.
When I retire, I'm moving everything to Mint (that's my decision for now - I'll take stock of the situation when the day comes). Until then, I'll grit my teeth and bear it.
For home use most people wouldn't need to use Windows but in practice have to use it through not being provided with alternatives. You and I know what those alternatives are. We will also set them up for users if occasion demands it but, of course, suggesting that usually brings torrents of abuse from a few particular commentards when mentioned here.
That's why I tend to send them the Apple way if they can afford it. Also means I can divert support requests to the Apple resources, and still be relatively certain they'll be safe.
Yes, I can cook up a Linux desktop but then you get the problem that they want to do mainstream things and those tend not to support Linux. The older generation just wants to surf and email, and then a Linux desktop is OK (also for web based facilities), but anything that requires a desktop application is just easier on a Mac.
That said, I will stick something like Little Snitch firewalling and Intego anti-virus on it. XProtect is OK, but I like an extra layer anyway.
"For home use, most people *don't* have to use Windows."
I'd go a step further and say for home use, most people don't need a PC at all and so will be using iOS or Android on a phone or tablet. I see fewer and fewer friends and acquaintances even bothering with a new laptop when the old one dies because they are mostly consumers at home and rarely need a full fat PC/laptop. At least a few still using PCs/laptops are looking seriously at switching to a tablet when Win10 updates stop coming. (yes, some of them still have kit old enough to not have TPM 2.0) and don't see why they should throwaway "a perfectly good computer and buy a new one", just because of Win11. Some will stick with Win10 too, of course. Some might even go Chromebook, just for the familiar "look" of the keyboard/screen layout. Others may go iPad+keyboard or even some of the Android (Samsung?) tablets that have a desktop mode. There's probably more choice other than the "WinTel duopoly" now than there has been in decades, since the days of Amiga/ST and the like.
As I get older, using a real desktop PC with a proper monitor for my vision and a proper keyboard for early arthritis is increasingly attractive. I hope desktops don't die out.
Yes I can "consume" on a phone or my tablet if I can wrench it away from grandchildren. My main system is actually a laptop which I dock and I can just cope with the high resolution 13" screen for short periods, but usually find something to plug it in to. So much easier to write letters on, even to make web orders on than some silly app on a phone which is just a bastardised web thingy. I grudgingly respect the security the phone provides to log in on banks etc. Other a physical key (Yubico) provides TFA.
The tablet uses Fdroid and Aurora without a Google account. The laptop (and my spare) use Linux (OpenSuse Tumbleweed). I would switch the phone to E/OS (silly name) if I had the time and money to test it on a spare to ensure it won't screw my banking apps.
Sadly I still have to use Win11 for some jobs at work, and I have used Rufus for some time to do this. Great stuff.
Everything is backed up to zero knowledge servers outside the USA.
If you want to take my real screen and keyboard you will need to pry them from my cold, dead hands ... and you won't be able to decode my Keepass file (I hope). The less I have to do with US corporate giants the better, especially now Trumpelstiltskin is controlling them.
I succesfully installed the latest W11 build with a local account using the OOBE\BypassNRO command. It'll reboot, and you can set it up without a Microsoft account, just don't connect it to the internet.
Also another protip: Don't want to bother with the mandatory security questions or password hints? Leave the password field blank, and set it after logging in for the first time. I realise you can just enter BS there, but i simply prefer not to have it at all.
If I recall the official Microsoft media creation tool doesn't allow you to just specify an .iso file to use. You have to connect to Microsoft's servers each time you want to image a usb flash disk which is silly.
So unless they have even read the user-feedback and this has changed, option #2 (Rufus) is the more appropriate choice for deterministic media creation.
Yes, absolutely. Most businesses still want to use Active Directory with local accounts, and there are plenty of instances of Microsoft Windows in use in secure environments which have no internet access at all, and so cannot use Microsoft accounts or any online services.
These orgs are also big enough to influence Microsoft policy - think US Department of Defense or Treasury etc.
No longer possible as of... a year ago, I think? It used to be called the "no at thankyou dot com" method (more vulgar versions existed), you'd put in a nonexistent "account email" - critically, it had to be one that a sufficient number of people were using, hence the name of the method - and then it would say "too many login attempts" and fallback to Local Account creation. Well, Micros~1 got word of it and patched it so "too many login attempts" no longer has a fallback, it'll keep telling you to "try a different account" instead.
Good grief. That is WAY more complicated than it was a year or so back when I got this Win 11 machine - they must have massively rejigged the process.
I set up with a MS account, then just used that to create a local administrator account - I can't remember the details but it was very simple.
Then I used that local admin account to set up a local user account, which is the one I use.
I have the password for that MS account written down. Somewhere. I think.
For anyone cursed with Windows S-Mode, aka Stupid-Mode, SHIFT+F10 doesn't work. To get around the local account with Windows Stupid-Mode, I do this: (1) create a bogus @outlook or @hotmail email address. Use a bunch a random numbers and letters so you don't accidentally use it again. When asked for a name and birthday, just fill in junk. (2) Switch out of Stupid-Mode. (3) Create a proper local account in the settings. (4) Log out and then log in it to the local account. (5) Immediately delete the account with the one time bogus email address and forget all about it. (6) Immediately after that, triple-check to make sure bitlocker is turned off. Usually I turn it on and then off right away to make sure.
... simply follow these steps:
1) Install Windows 11 normally, from any ISO
2) Unplug any RJ45 (or other format) network cables from the PC
3) Turn off any WiFi adapters
... If Windows can't find a connection to the internet, it will fall back to asking for a LOCAL account only!
(none of this CMD, RUFUS, TOMFOOLERY needed)
Sadly, later versions of the W11 installer just whinge at you that there isn't an internet connection and refuse to progress further.
That led to a lot of fun and games with a work colleague's brand new Lenovo laptop, which lacked WiFi drivers at OOBE and didn't have a physical ethernet port.
Ended up digging out a USB-ethernet adapter to get it online and working.
I'm not sure that's strictly true. I did a fresh install of 24H2 today on hardware with WiFi and NIC cards not supported out the box.
At no point did it b*tch excessively - just dumped me nicely into the local account setup (whilst telling me my life would be better online)
This was the problem I ran into - and the machine I bought would not allow you to access the firmware to change to boot from USB until after an account was set up. So, they got their user count off me, but never saw the machine boot up again. Nor will they. It belongs to Mint now.
I always set up windows 11 pro PCs for customers with a local account. I even set the policies that state "do not offer cloud services". Then windows ignores them (why?) and drives the sheep... I mean, the user, to create a ms account and enable onedrive.
I then have to revert all of that, but I'm not absolutely sure about how to revert the onedrive disaster correctly, because it moves around the documents and desktop and maybe other directories.
I retire at the beginning of january 2026. Working in IT, I have had a windows PC for years.
Last night I got a new one. The manual said be very careful not to cut the power to the PC on its first boot as Windows11 is setting up. I very carefully did not allow it to try. I now have a computer with nothing from Microsith. No Teams, Word, OneDrive or any other spyware to allow the NSA in. I know, even Linux needs patches. It's not a perfect world!
No experimenting to see whether MS has blocked the methods I red about. Plug in the USB, switch it on, change boot order and "it just works"! Also a LOT easier than installing Windows...
Or that the Linux version is cripped as all get out? As a content creator, that's my main problem, the Linux version of Davinci Resolve is "functional" (as in, it'll let you edit and render video), but it's far more limited in what it can ingest and spit out due to - what else - codec licensing bull$$$hit. ...There's also the fact that PaintDotNet (the ".NET" in the name should be a hint that a native Linux build can never be created) "does NOT like Wine" (in the same sense that Aperture Repulsion Gel "does NOT like the human skeleton", I actually saw reports of Wine causing kernel panics when trying to run PDN with it), and the nearest purpose-equivalent program, Gimp, is so feature-packed that it's actually not capable of the simple image-editing features I need (apparently "nearest neighbor resizing" and "non-antialiased paintbrush drawing" are too primitive for Gimp to support)... and for console recording, Elgato is straight up "we're not interested" regarding allowing it to work on Linux.
So of my entire video-creation toolchain, literally the only thing that "works as intended" in penguin land... is OBS.
Just to make sure you haven't missed any options, have you looked at any/all of kdenlive, openshot, shotcut, vidcutter, flowblade and even Blender on Linux for video editing? I'm not especially familiar with any of them, I've only ever dabbled, nothing serious, and it was a while ago, so have no real idea if any (or a combination) might be of interest or use to you.
Likewise, there a multiple options for graphics editing other than GIMP, some of which may be more suitable for your workflow.
The biggest issue isn't really the apps themselves and what they can or can't do IMHO. It's the (often) vastly different methodology and therefore hugely changed workflow that someone switching ecosystems faces. If it was me coming into the sort of content creation you do, I'd probably have far less of an issue because while the learning curve would be at least the same for you and I, I don't have the "baggage" of "unlearning" the other workflow.
So I suppose what it all boils down to is, mostly you probably could switch if you had to, but it'd be like starting all over again almost from scratch and therefore a costly investment in time, something only you could decide if it was worth it. And it probably isn't because your current workflow probably has years invested in it already. On the other hand, I do know at least one person who got so pissed off at Adobe and their cloud shenanigans that he finally made the jump to an almost entirely FOSS workflow, but it did take him some serious time and effort to achieve. Mostly he found workarounds and enough "benefits" to outweigh most of the "losses". But not a solution for everyone.
If method 1 doesn't work, and you're helping someone set up a Win 11 box they've purchased from somewhere so you can't use Method 2, there's a fairly simple way to get that local account on the machine.
Hopefully you own a domain with a * entry in your aliases file pointing to some real address. This allows you to give any email address you want at that domain to M$ and keep its grubby hands off of your real address.
Once WinDoze is up and running, logged in to M$ with the throwaway address, open a DAS prompt as administrator and run:
net user mylocalaccountusername myreallysafepassword /add
net localgroup administrators mylocalaccountusername /add
Substitute your own choices for mylocalaccountusername and myreallysafepassword.
Reboot and log in as mylocalaccountusername
If you don't recall the name of the M$ account, open a DAS prompt as administrator and run 'net user' to see what it was. Let's say it was mystupidonlinemicrosoftaccount.
Then run:
net user mystupidonlinemicrosoftaccount /delete
Reboot again and M$ is out of your hair, at least until the next time CoPilot maddeningly adds itself back to your taskbar.
...I kinda wonder if that would actually work... considering the new Local Account won't be the Original Device Admin (the very first user account registered on a device, Local or Remote, which has special permissions higher than "admins created after the fact").
Certain programs that require being launched as admin (for fellow college students, ProctorU Guardian Browser comes to mind), won't just run under "any" admin, or on a non-admin account that you entered admin creds at the prompt for... they explicitly only run if you're logged in as the Original Device Admin, since it's specifically checking for "the first non-SYSTEM user account created", rather than merely "is this user an admin".
Don't be fooled. Even if you're using a local account, it's still Windows. It's still spying on you. It's still awful.
Yes, totally with you!
Just get a copy of OpenMandriva Linux
OK, fair choice, wouldn't be my suggestion for a newbie but whatever
use a non-spying browser like Brave.
...and downvoted. Nope. Brave is a) not non-spying and 2. is actively worse than Firefox.
One is use Rufus the same as the article, the other is during the install/setup when opening the command prompt to use the net user command and add my local user. When I have rebooted at that point it has always gone straight through the setup without all the other questions in the OOB. On the none pro version that had already finished setting up. When I powered it up for a friend I ended up booting up from Knoppix, copying cmd and renaming it to msutil.exe and rebooting which then allowed me open a command prompt and create a user manually before going back to the login screen and login as local user. They couldn't remember the detaills of their Microsoft login or so they said. I confess I left the false msutil.exe as was rather than change it back as not the first time they locked themselves out of a Windows PC they are in the mid to late Eighties!
...on a new computer by the OEM?
I've been searching high and low, and there is oodles of advice (such as in this fine article) about how to circumvent creation of an MS account when installing Win11 from scratch .
But what about the case where it is already installed and now "only" needs setting up, including account creation (assuming it's a new box and so far unused).
Does one simply step into the same workflow as described, but at a later point?
Or does one really have to install Win11 again, thus overwriting the existing installation (and would that even work for a new computer, or would one run into licencing issues)?
Thanks for any pointers.
(And before anyone mentions it, I am aiming to move to some Linux, in due course, and was eyeing MX Linux, but now this... :-/ )
The steps specified are the same. They are done in OOBE (Out Of Box Experience), which is the Setting Up part.
If intending to run Win11 installing a fresh copy may be desired, as the device will not include the bloatware that the the various hardware vendors add in.
Licensing should be fine, as the license key is matched with the motherboard.
One problem with overwriting a preload with a fresh install is device drivers. It's not a bad as it used to be, but there are still quite a few vendors selling machines with hardware that isn't in the WHQL list, and might not be in the install image, depending on how long since it was refreshed. And you might end up having to load the vendor bloat anyway. Example, my MSI laptops require Nahimic if I want ANY kind of sound. Just be aware that you might be trading one headache for another.
But what about the case where it is already installed and now "only" needs setting up, including account creation (assuming it's a new box and so far unused).
First step, don't plug in a network cable or allow it to connect to your WiFi.
From there its just the maze of fighting your way through the Microsoft stupid until it figures out it has no way to phone home.
At least that worked on Win10. I won't be putting Win11 on my personal computers, I updated my laptop last fall with the last available (and acceptable) Win10 preload I could find. Had Win11 on my work laptop and it had no 'improvements' that interest me.
And before anyone mentions it, I am aiming to move to some Linux
Even though I have been using Linux for 25 years, I still find it difficult to get away from Windows entirely. Consumer apps that I want/need that don't have Linux support. I don't think Reolink supports Linux, probably have to go through Home Assistant. I haven't tried out Steam, mostly because I haven't built a Linux gaming platform. I kept telling myself I'd stick to console games for the few that I play. That hasn't been a very successful plan either. Or a 3d slicer that compares to Cura. It seems like as I knock one thing off of the list, something else comes up.
About suckers using windows 11 in the end - as there's still the network effect and profits.
You going and installing GNU/Linux wouldn't make them angry either, as they know chances are you're going to go install their software, or at least still connect to their servers and give them something; https://blog.desdelinux.net/en/the-raspberry-pi-foundation-secretly-installed-a-microsoft-repository/
The only thing that would make them angry would be installing a free GNU/Linux-libre distro and refusing to install their proprietary software.
One thing that got me after creating a local user on Windows 11 was how to login to the damn thing.
You have to select other user and enter
.\username
I didn't think of that as back in the Windows 7 days the local users were just
username, and domain users had to do
domain\username
Didn't want the damn thing, but had to set up a test Windows test VM and certainly didn't want a Windows account.
Nice guide, thank you for putting this together.
If you find this guide complicated ... well the rest of the setup may equally suck at least if you buy ASUS.
///////
tldr;
Had to do this last year to configure my spouse's birthday present... an ASUS laptop.
after replacing the OEM drive with a larger capacity...
and certainly before figuring out the hellscape of drivers.
ASUS has some really weird requirements to install myASUS to get some laptop features enabled.
Then, Sadly G-Helper wasn't playing nice with Optimus and ARMORY CRATE is basically the bog of eternal stench, whilst the GPU has to be on full tilt to run their development environments.
Then of course over-achiever me had to gift wallpaper engine thru steam, and sign in as steam myself to configure, and sign out.
But the look of astonishment on opening up the laptop gift - in glorious vaporwave/outrun A E S T E T H I C - made it all well worth my time.
