Is it possible to configure a pre-installed Windows 11 machine with a local account anymore?

Question

I'm doing the required first-user configuration when first booting a machine with Windows 11 (and S Mode) pre-installed on the machine.

Windows seems to be trying its hardest to force me to use a Windows account, for my own hardware purchased with a legitimate Windows license.

All of the techniques that seemed to work in the past no longer work:

• I can't just say I don't have internet
• Neither Shift-F10 nor Shift-Fn-F10 seems to do anything on my Aspire 3 15.
• Even using the on-screen keyboard with either of these combinations doesn't yield anything
• And none of the network-disabling techniques have worked either - just as this comment suggests, it seems the home version is very firm on this point.

Is a simple local account, not linked to a Microsoft account still possible when configuring Windows 11 pre-installed with S Mode enabled on a machine?

Answer 1

The create a local account, when your computer has been preinstalled with Windows 11 in S mode, start the computer for the first time without being connected to the internet. If you have a ethernet cable connected to your computer, then unplug this cable before turning on.

Follow the instructions given below. These instructions were tested using Windows 11 Home in S mode.

You should reach the following screen at some point after turning on the computer for the first time.

Press the key combination control+shift+F3 to boot to Audit Mode. This may take a while. You should eventually reach the Administrator's Desktop shown below.

Boot to Recovery by holding down the shift key while restarting the computer. You should reach a screen shown below.

Select Troubleshoot→Advanced options→Command Prompt. You should see the Command Prompt window shown below.

Enter the command below.

bcdedit

Example output from this command is shown below.

Under Windows Boot Loader there is the following.

osdevice                partition=C:
systemroot              \WINDOWS

If the drive letter for your osdevice is not C:, then substitute your drive letter when entering C:\Windows in the commands that follow. Similarly, if the path for your systemroot is not \WINDOWS, the substitute your path when entering C:\Windows in the commands that follow.

Edit the registry by entering the following commands. Note: Do not make any substitutions when entering the reg add command given below. Enter this command exactly as shown.

type C:\Windows\System32\oobe\BypassNRO.cmd
reg load HKU\TempHive C:\Windows\System32\config\SOFTWARE
reg add HKU\TempHive\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
reg unload HKU\TempHive

An example of entering these commands is given below.

Enter the following command to close the Command Prompt window.

exit

You should return to the following screen.

Select Continue. You should return to the Audit Mode Administrator's Desktop shown below.

In the System Preparation Tool window, shown below, select OK.

After a while, you can continue setting up Windows. When you reach a screen similar to the one shown below, select I don't have internet.

Later, instead of asking for you to sign in, the follow display will appear asking to create a local account.

When I encounter my Desktop for the first time some of the icons were missing, as shown below.

After connecting to the internet by plugging in the ethernet cable, the screen changed to the following.

After connecting to the internet, you probably should visit Windows Update.

Below is an image of the Windows Specifications. This image was taken after signing in to my local account.

The image below shows device encryption is turned on, but has not occurred. To start encryption, sign in to a Microsoft account. This will switch the user out of using a local account. A recovery key will be sent to the Microsoft account.

The image below shows the result after signing in to a Microsoft account. Device encryption has started. I verified that a recovery key was sent to the Microsoft account by going to https://aka.ms/myrecoverykey.

Answer 2

The first section below describes a solution where I create a new Microsoft account with random data, then create a local adminstrator account and delete the Microsoft one.

After this, I put some notes on how one might be able to avoid creating the random Microsoft account altogether.

---

I created a new Microsoft Account using random data everywhere. It was still necessary to link the account to an "existing" email address. I used my own email address -- but it's possible that random data here would also be accepted. I recommend holding on to all the random information until you are successful at creating a local administrator and deleting the random account. From a Git Bash prompt on another machine, I used cat /dev/urandom | tr -cd '!@#$%^&*()_+{}:;>?[:alnum:]' | head -c 30 to generate random information; you may prefer a different approach.

Then, the laptop went through an update process which took some time.

After that, I followed Steve Rindsberg's advice and added another user. Again, the suggestion was to link their Microsoft account, but I selected these options:

1. Press Windows key, type "Users", then click on "Other Users", then click "Add account"
2. "How will this person sign in?": Click "I don't have this person's sign-in information"
3. "Create account -- someone@example.com": Click "Add a user without a Microsoft account"
4. Name "LastName" (Used my family name here)
5. Password. Left this blank.
6. Click: "Change account type", then select "Administrator"
7. Shut down. (Or log out)
8. Log in as "LastName". No password was required.
9. "Choose privacy settings for your device." Turned off everything here (except required diagnostics, which are still sent in the off state.)
10. (you can skip this step) Once logged in, again went to the "Other Users" page as above. But could not delete the other user because they need to "sign out" (which is strange, because I rebooted and did not log in as that user.)
11. Switched to the random user, using the pin I created when setting up the machine. Then signed out from that user. (If your laptop has SMode and you want to disable it, it's probably best to do this with the random user at this point, rather than creating a second random user.)
12. Signed back in as "LastName". Returned to the "Other Users" page. Selected the random user and clicked "Remove".
13. In the "Delete account and data" dialog, clicked "Delete account and data."

The laptop I purchased came with Windows (and S Mode) installed by default. If you want to disable S Mode (as I did), I recommend doing so at the point mentioned above, rather than following the instructions below. But these instructions described my own process. When I tried to install Firefox, I needed to switch out of S Mode. It turns out that you ALSO need a Microsoft account to switch out of S Mode. At this point, I either had forgotten exactly what my Microsoft account was, or it was considered a corporate account, so I:

1. Created yet another random account with a random email and password, as described above.
2. Used that account to switch out of S Mode.
3. Went to microsoft.com, and signed in with that account's username and password.
4. Went to devices and unlinked the device, also unlinking the account from Microsoft Store.
5. Rebooted the computer, confirming that the machine did NOT suggest that I sign into that account, as suggested by this answer.

At this point, I believe I have an ordinary traditional unsecured Windows machine.

---

If you don't want to even create a random Microsoft account, I recommend:

• Don't enter any details for your WiFi.
• Try the various Alt-F10 techniques mentioned in the question
• If you get to a page asking for your name instead of your email, go ahead and create the account and don't cancel out -- you might not be able to get back to that page!

I was, at one point in the process, able to have it start creating a local account. But I was not able to reproduce this process. Roughly, this is how I was able to get to that point:

These are the steps I followed with my Windows 11 Aspire 3 15:

1. When asked about the country, I selected "United States" and clicked "Yes".
2. When asked, "Is this the right keyboard layout or input method?" I selected "US" and selected "Yes."
3. Skipped second keyboard layout.
4. Had already enabled wifi on an earlier pass, and I have enough neighbors with WiFi that I likely couldn't skip this step anyway. So this time, it just skipped to the next screen without even mentioning wifi.
5. Clicked on "Sign in"
6. When coming to the dreaded "Let's add your Microsoft account" screen, I clicked on the "No account? Create one!" link.
7. At this point, it asked me for my name and then instructed me to create a secure password. (but suggesting that it would be better to use an online account).

I think proceeding from this point might create a local only account.

But when I repeat these instructions so as to capture details, it is now asking for a email address rather than a first name! I force-turned off my computer, and this did something to the install process.