Windows admins have options to create local or Microsoft Accounts when it comes to the operating system. The initial setup after installation pushes the Microsoft Account option but it was possible up until now to create to a local account instead. Microsoft has made it more and more difficult to create local accounts during initial setup and discouraged users to do so.
A report on Reddit suggests that Microsoft has made it more difficult to create local accounts during first run. The user reported that no option to create a local user account was presented during first run on the system Windows 10 was set up on.
While there’s nebulous ways to make the local account option reappear, this is clearly designed to push people to online Microsoft account. I personally use an online Microsoft account since I find it easier to manage my various machines, but removing or hiding the option to use a local account is just a user-hostile dick move.
And do not forget the “password reset questions”, which are very hard to remove:
https://superuser.com/questions/1318956/disabling-security-questions-in-windows-10-pro
If I have a secure enough password, why would I want to enable weakening the system with simple questions? I can understand it being useful for some computer novice user, however in the “pro” version we are still required to include them (by default).
They seem to only support two cases:
– Cloud based accounts
– Customized ones, but only for domains with a server based policy / customized install
They no longer want to support individual pro users who want to build their own workstation.
So don’t use password reset questions. Pick “what’s your mother’s maiden name”, and enter the answer “sdhjkfsh9p8y32804ry24ghurwjbifjsbdiuhfbds”.
Yes, this is what I eventually did. However it still opened up another attach surface. (How good is the password reset question storage? How secure is the reset mechanism?)
If you create the user account from within Windows (not at install), you aren’t presented questions. Or, if you initially don’t create the password, just login name, you aren’t presented the requirement of security questions. Add the password after login.
(we have a number of clients who don’t run domains, so these workarounds are easy enough still)
The reddit post is marked as “not true” and the original content deleted.
Seems like it was all spreading of FUD
We’ll see. Marking something untrue isn’t hard either. Given Microsoft’s past moves so far, and their clear agenda to push Azure, would this surprise anyone?
Microsoft makes it as clear as can be: On the screen where it asks for login information, there’s bold text that says Offline Account.
There is no ambiguity. If you click that, it asks one more time if you’re sure, and has a yes button and a no button – not a No button and weirdly located low-contrast text that needs to be clicked to proceed – straight, regular buttons, with the “Yes” button even the one that’s highlighted.
It’s more than a “dick move” as you put it, it’s business-hostile. This is designed and aimed not at the consumer, but at the businesses who have the sheer gaul, as Microsoft see it, to not pay their extravagant prices for Azure and dare run their own Active Directory and other Windows servers. If they keep this crap up, they’re going to push at least one business away from Microsoft and towards Linux servers and either Apple or Chrome desktops. This is getting insane.
I had to configure a new device and indeed it is made much more difficult to create a local account.
I can’t tell exactly in what wordings Microsoft wanted to push me towards an online account, but I managed to get a local account after filling in a (random) user name (no mail address) and just type something in in the password field.
On the screen that follows you can choose an option not to solve the problem at that time. Again, I don’t remember the exact words.
Only on the next screen or so I can choose a login name and only when you read between the lines you can find out you are creating a local account, next screens for password and security questions remain as expected.
Good luck if you need to do so.. it really isn’t clear and took me quite some time to figure it out.
There is an easier way: don’t connect to a network during or after installation. When it complains, just tell it to continue. Still, it’s far from obvious.
I was going to suggest that. Hard to create an online Microsoft account if you have no network connection.
There’s an even easier way: Click the clearly visible bold text that says Offline Account when it asks for your Microsoft user name. The only way it could be clearer is if it defaulted to an offline account and had bold text that said Online Account.
spinnekopje,
I did something like this with an android phone without realizing that google had implemented a new mechanism called FRP (factory reset protection) to lock users out of the phone after a factory reset if they don’t have google credentials. The thing is, I didn’t care that much about the google account, I just needed it because google requires one for the app store. So I thought “whatever”, without understanding that now when you register an account for the playstore, google simultaneously applies the FRP lock to your phone whether you want it to or not. Alas at some point I wanted to change something on the phone, android FRP required the google account credentials and I ended up getting locked out of my own phone because I only had my local credentials, As the legit owner I was furious that google had taken my phone hostage from myself. Thankfully I managed to remove google’s FRP lock because it turned out to be vulnerable. The fact that FRP didn’t work defeats the whole point in deterring thieves in the first place.
Anyways, the whole point of this is just a precaution against filling in random user names and passwords for the on-line account even though your intention is to use the local account instead. I learned the hard way that whenever you register a google account on android, google can lock you out. I don’t actually know if windows 10 has a similar mechanism, but I wouldn’t want to learn that the hard way.
How long ago? I literally today downloaded the ISO and went through the install process, and it really couldn’t be simpler or more clear how to use an offline account instead.
As much as this is a DDick move, this forces a USer’s personal information online, to which privacy advocates abhor. This nullifies the Tor network, i2p, etc. as long as you use a WIn 10 PC., your name, and other personal info is at risk as M$ is a one stop shop for data miners and hacktivists.
And let’ s say that you’re a Win10 PRO user.. the company that you work for may be in a position to gather a treasure trove of personal info on you as long as you sign into their systems with your M$ account. All that’s needed is an update to your employee contract in the US. Other than that, FAcebook, Google, et. al. just have to engineer a cookie that will parse your user info through your browser and their internal APIs with M$ will divulge your personal info down to your personal address without the need to be dead stopped at the ISP level.
I just ran the installation. When it asks for a login for your Microsoft account, there’s an option in clear, bold text in the bottom left of the screen that says “Offline Account.”
It used to be sort of hidden, but it is clear as can be. The original post was bullshit. It’s clearer now than I’ve ever seen it in Windows 10.
Just dont connect a network and it’s still easy. When internet is connected I could not create offline account, when disconnected it’s just one click away.