An alternative to bypass Microsoft Account creation during Windows 11 installation
Posted by bagaudin@reddit | sysadmin | View on Reddit | 72 comments
Thanks to this post and u/Neroxx:
To save everyone a click, the only interesting part in the article:
"Discovered by user @witherornot1337 on X, typing "start ms-cxh:localonly" into the command prompt during the Windows 11 setup experience will allow you to create a local account directly without needing to skip connecting to the internet first."
slugshead@reddit
Or just domain join it...
KazuyaDarklight@reddit
IF it's pro.
slugshead@reddit
Who isn't running at least pro in /r/sysadmin ?
FuckKarmeWhores@reddit
Dude, here we only run pro max ultra windows
Stonewalled9999@reddit
with cat 8Xe cables?????
FuckKarmeWhores@reddit
Got those in 166 meters!
someadsrock@reddit
I work for an MSP. Some of our clients are penny pinchers who will insist on buying devices themselves because they think we're ripping them off. They'll buy a device from a standard department store that comes with W11 Home. To connect it to their domain, we obviously have to upgrade to Pro, but that can only be done after the initial setup is done.
That being said, I use MDT, so no need to worry about this Microsoft account issue.
Stonewalled9999@reddit
well to be fair, most MSPs rip people off. Ours charges $280 for hour to figure stuff out when I tell them the exact reddit article to fix the issue.
rosseloh@reddit
I worked at a small MSP that did walk in support for regular folks. I did sysadmin work and reloaded home edition PLENTY. There are valid reasons for this to be useful.
Popensquat01@reddit
Maybe someone helping a family business that’s tiny? Otherwise, agreed with the sentiment lol
trebuchetdoomsday@reddit
the family business is running windows home?
GraemMcduff@reddit
A lot of small business just go buy the cheapest computers they can find and thosr almost always will have a home edition of Windows. And since they are cheap enough to get cheap computers they are cheap enough to not want to upgrade to Pro. And when all they are using it for is to access stuff on the web, there is really no reason that can't do that with a home edition, so there really isn't a lot of value in getting pro if they don't have much more than 5 devices to manage.
ohyeahwell@reddit
Can home be entra/aad joined?
GraemMcduff@reddit
No, but it can be and will be Entra registered if you sign in to any apps with your Entra Id.
ohyeahwell@reddit
Thx, I've seen that in our org.
tejanaqkilica@reddit
A business like that will not have any issues signing in with a Microsoft account, so this solves nothing tbh.
GraemMcduff@reddit
That is a valid point.
ThorThimbleOfGorbash@reddit
We have a neuro clinic we support running a few Home systems. Businesses will get away with anything they can; they have been warned each time they buy a Home system and don't want to upgrade to Pro, so we have a paper trail for that at least.
Ninja67@reddit
As someone who used to work at knockoff geek squad at staples, there is a staggering amount of people using their personal computer for home / small business. One time I had a guy come in, he wanted 30 computers, no extras, didn't care about the configuration or the specs. (We didn't even stock 15 on any given day, we just didn't sell that much per week). Guy couldn't get through his head that I wasn't going to sell him my entire stock to him at a discount like I make some commission on every unit I sell. It was the warranties on antivirus they would want me to sell him.
NoReallyLetsBeFriend@reddit
Ouch, knock off geek squad? I'll have you know we got a LOT of people at our store coming from BB geek squad when they couldn't fix stuff. They just started sending to me across the street lol.
Legit had GS try to sell a woman a new high end laptop over $1000 bc her other wouldn't turn on. She told me they tried holding down the power button, etc, nothing.. She brought over to us and in listening to her issue, I had her bring it right in, popped out the battery (remember so many laptops had removal batteries?), pressed power button a couple times to discharge, popped battery in and it fired right up. She was so grateful and she was shocked I didn't even charge her. No point in a ticket and all that for a "quick look". She only did email, FB, Amazon, solitaire & other freebie built in games. Gs heard she played games and tried to immediately upsell her. Or didn't try hard enough to "prove" it was broken.
Things were so much easier back then lol
MalletNGrease@reddit
We buy by the pallet from Staples and you bet we get deep discounts. Different sales channel though.
trebuchetdoomsday@reddit
no kidding. this is fascinating.
Ninja67@reddit
https://www.nytimes.com/2012/09/09/your-money/sales-incentives-at-staples-draw-complaints-the-haggler.html It was this way when I left 2021, nothing had changed in almost a decade. To answer the articles question, its because of pressure to sell service plans and store warranties. I likely would have lost my job if I had sold every laptop in the store to that guy with nothing attached.
Ninja67@reddit
Yeah I was just in store guy, it was actually only after this interaction that I found out about the bulk sales channels. Had only been with the company for a year or two at that point, funny how they never mention that during the training
changework@reddit
Of course it is. Also, it’s XP.
tgp1994@reddit
Solved the online account issue! 😄 Now their PC is in a botnet, but you do what you can.
lighthawk16@reddit
If you have ever worked for one, you'll know that's mostly all they ever have.
joshbudde@reddit
Has to be Enterprise to see the domain join option during OOBE, not just Pro
jupiter5678@reddit
The domain join option is on Windows 11 Pro. Been using it for over a year.
joshbudde@reddit
Where are you seeing it? I'm setting up a Windows 11 Pro device right now and it requires network connectivity, then goes straight into requiring a Microsoft account.
jupiter5678@reddit
I'm using a 23H2 image to remiage, so can't guarantee it's still on the newer 24H2 version... tomorrow I can go through the reimage and send you a picture.
Stonewalled9999@reddit
it it still in the 24H2 version
Stonewalled9999@reddit
that is not true. We only have pro here and that join option /skip MS account is there for us
Alpha272@reddit
Domain Join is definetly present on Win 11 Pro. Just home doesn't have this option, but home isn't even capable of joining a Domain at all.. so yeah..
makeitasadwarfer@reddit
Yes I often create a domain and then join machines to it so I can setup local accounts.
That’s a sensible solution and well worth mentioning.
craigmontHunter@reddit
I run a domain at home for this reason (as well as GPO to disable crap I don’t want) - it does mean I have a shock when I use a stock windows install.
bojack1437@reddit
...... If you click domain join, it doesn't join to a domain immediately, it takes you to a local account creation and proceeds through the setup.
And once you're at, the desktop doesn't really matter what you do, you can keep it a local account.
Ludwig234@reddit
Unfortunately. I wish there was a way to setup a new installation manually (no SCCM or similar) using the local administrator account like you can do on Win Server.
You don't even need a complicated password since it will be changed shortly after it gets domain joined and LAPS kicks in.
bojack1437@reddit
.... You can.... On Windows Pro... You simply select domain join and it creates a local account.... I mean other than the additional single click, it's exactly like setting it up for Windows server.
phunky_1@reddit
It's kind of funny that people even give a shit about this requirement.
It is so much more convenient and secure to do passwordless authentication with MS authenticator.
Stonewalled9999@reddit
say you've never set up a PC for an end user without actually saying it. Its a pain in the neck TBH when my clients all buy a home edition and hire me to set it up. I have a live ID with 150 customer PCs on there I keep clearing out
phunky_1@reddit
We have autopilot set up so basically it is good to go out of the box for a user to sign in with their entra id credentials.
Dolapevich@reddit
There is a point where insisting in taming your enemy becomes the symptom of a problem. Just let the thing die. Move to linux.
I would have never thought "We have local users" would be a selling pitch.
unixuser011@reddit
This is only a problem for standalone installs, correct? If we’re installing from SCCM/Intune, we’re fine?
bagaudin@reddit (OP)
The comments here lead me to believe that it is correct, although I haven’t touched SCCM or Intune for a long while.
cisco_bee@reddit
I literally needed this today. Does anyone know how to open the command prompt in RDP or Hyper-V? SHIFT+F10 doesn't seem to work.
Entegy@reddit
Do you have a laptop keyboard? Shift+F10 works in my Hyper-V machine. I'd tore have a laptop, try Fn+Shift+F10.
daffy_69@reddit
try the on-screen keyboard?
cisco_bee@reddit
I tried that. It didn't work.
Aarinfel@reddit
Try Ctrl,shift,f10
OzMonkeyZ@reddit
There was a time, not sure if it was only windows 10, where disconnecting the internet while installing would force it to do a local account. I'm guessing they stopped allowing that. I thought I read somewhere that they are thinking of stopping the BypassNRO sometime also.
screwdriverfan@reddit
bypassnro.cmd was apparently just a simple script (can also be found in Windows/System32/oobe ):
@echo off
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
It does the same thing as what the article says. Either you write that in console or add it to installation media and run it, makes no difference.
NoReallyLetsBeFriend@reddit
That's a lot of work, launch cmd type oobe\bypassnro then reboot. Done. When at network screen to connect, click I don't have one. Obviously don't connect Ethernet
Furinex@reddit
Microsoft removing this in an upcoming patch, it was just announced.
NoReallyLetsBeFriend@reddit
Oh gotcha, missed that then
purplemonkeymad@reddit
rufus can also just slip stream that key into the image if you are installing fresh.
Vance_Lee@reddit
My imaging tool just uses an unattend to skip all that bollocks, including making local accts lol.
AlexisFR@reddit
Yes, I'll just wait for the Rufus option, thanks you.
NoReallyLetsBeFriend@reddit
Shift + F10 before the network screen (at any point really)
oobe\bypassnro did the truck. You just clicked "I don't have a network connection"which showed you to create a local user account.
This was helpful to us who is a small business and we don't use InTune or corporate images for our users. Manually setup each PC.
MSgtGunny@reddit
They have stated they are removing that command, so that specific sequence wont work in the future.
The other comment you responded to is showing the contents of the command, which may or may not work depending on if they just remove the bypassnro script or also remove the registry setting the scripts modifies.
626562656B@reddit
in my nation it job is to replace genuine software with cracks
Drylnor@reddit
I'm just running oobe\bypassnro and it works like a charm.
somethingwhere@reddit
in case you missed it they are removing the bypassnro.cmd file which is why this post is relevant.
https://arstechnica.com/gadgets/2025/03/new-windows-11-build-makes-mandatory-microsoft-account-sign-in-even-more-mandatory/
Drylnor@reddit
Oh wow. I definitely missed that!!!
Kingding_Aling@reddit
At what point? Is this a shift+F10 thing?
ThatUsrnameIsAlready@reddit
Videos show it working immediately after OOBE loads, during country selection.
4thehalibit@reddit
Yes
lit3brit3@reddit
Good post
Fatel28@reddit
Or just use a provisioning package
belly917@reddit
It used to immediately roll right into the provisioning package automatically.
Now it stops to prompt you for a Microsoft login. You have to hit the windows key 5 times, and then it presents you with a menu to load a provision package.
Fuck off with the Microsoft accounts Microsoft!
seamonkey420@reddit
is the autoattend.xml route still working?
Special-Original-215@reddit
I did it by connecting it to the net then turning the net off for a few