Windows 11 Home - First Real One

[nlinecomputers]

Which I can't. Password or PIN. Period, end of sentence.

Because you don't subscribe to Microsoft 365.

 

[britechguy]

Because you don't subscribe to Microsoft 365.

Indeed. As God-only-knows how many millions of others don't, either.

All the world is not now, and will never be, subscribers to M365.

 

[YeOldeStonecat]

I dislike the online accounts but I think it's just bias. I have a tough time making a strong case against them. I need to remember Google has been doing that with my phones for years.

I feel the same way....I don't come from the "personal/home" computer world, I come from (and really just work in) the "computers for businesses" world for about 30 years. So, I'm used to A) Windows Professional..not Home, and B) Setting up networks if needed, and/or if not joining local active directory. Thus...local accounts only. And I'm used to having that back door local admin account on all workstations....just in case you need to log in locally as Admin and do things. I do realize you can create a local user after unbuckling a workstation and signing in with a MS account. There's just that..well, stick with what you're familiar with. But yes...also realizing that, in this industry, you need to keep up with things.

 

[YeOldeStonecat]

Flip side question....Apple MACs....similar no? Apple ID/iTunes account?

 

[britechguy]

Flip side question....Apple MACs....similar no?

Yes. And it carries over to iOS.

Now that cloud-based computing is here to stay, so are cloud-based accounts, which makes perfect sense. The whole idea of being able to have access to "the same things no matter where you log in" has been building and building for a long time now.

 

[Sky-Knight]

Which I can't. Password or PIN. Period, end of sentence.

Yet, being the operative word. Passwordless signon just landed on the home accounts a few months ago, give it a year or two and we'll be there.

@YeOldeStonecat Yes, you have to use your Apple account on them all over the place, just like their mobile devices.

The only way to not need a cloud account is to run Linux, but even that is changing.

 

[britechguy]

Yet, being the operative word.

I have Pro on this machine.

And unless that "yet" occurs as a "forced option," it's one I will not be using. I don't want it, plain and simple. I haven't had an account compromised in 36 years using just a password. I don't need or want anything else. Others will differ, and we each should be able to use our chosen methods.

Most account compromises are due, plain and simple, to user stupidity or carelessness. If you're neither stupid nor careless what already exists is just fine, thanks, for the intended purpose.

 

[YeOldeStonecat]

@YeOldeStonecat Yes, you have to use your Apple account on them all over the place, just like their mobile devices.

That's what I thought. So, I often read people disliking Windows doing that, but I don't recall ever coming across a post about MAC users not liking that (having to use an online account).

 

[britechguy]

I don't recall ever coming across a post about MAC users not liking that (having to use an online account).

Nor do I. Nor do you hear complaints about needing a Google Account for Android.

It comes down to Microsoft getting a very late start in the "must have cloud/online linked account" game, and people just wanting to rant about it as a result. It's been dirt common in other venues for years and years now, with nary a peep. And it's going to end up being exactly the same in the Microsoft ecosystem, ultimately.

 

[fincoder]

So, I often read people disliking Windows doing that, but I don't recall ever coming across a post about MAC users not liking that (having to use an online account).

I'm not sure about the very latest MacOS but I thought an Apple ID wasn't required. The initial setup prompts for an Apple ID with the option to skip, or allows 'manual setup' and specifying no Apple ID. Even iOS and Android devices allows the user to setup without entering an online account. And all these devices will still have their primary functions, actually nearly all their functions apart from installing from the app store and cloud sync.

 

[SAFCasper]

I'm not sure about the very latest MacOS but I thought an Apple ID wasn't required. The initial setup prompts for an Apple ID with the option to skip, or allows 'manual setup' and specifying no Apple ID. Even iOS and Android devices allows the user to setup without entering an online account. And all these devices will still have their primary functions, actually nearly all their functions apart from installing from the app store and cloud sync.

Agreed. Android nor iOS force you to use a cloud account. However, the benefits of doing so are almost undoubtedly worthwhile so it's rare someone doesn't use them. Wasting so much functionality of an iPhone if you never use the App Store! And that automatic backup of contacts, settings, photos etc is a lifesaver on a device so easily lost/stolen/broken.

Windows on the other hand - the store sucks so is not a selling point. And the good features of a Microsoft Account such as OneDrive... well you can still use those on a local account. So what's the selling point of signing in with a MS Account? Saves you like 10 minutes setting up a new device? (I'm talking home users not business).

Not saying there are no benefits but they certainly aren't so clear or appealing to the general user.

 

[fincoder]

the benefits of doing so are almost undoubtedly worthwhile so it's rare someone doesn't use them.

Sure, but at least you can use the device's primary functions without an account. If anything it allows the account details to be added later, e.g. after finding records of Apple ID or Google account. Mobile devices are more flexible than Windows 11 PCs in this regard, so I don't know why everyone keeps saying Apple and Google do it so we should put up with Windows 11 forcing an internet connection and account during setup.

the good features of a Microsoft Account such as OneDrive... well you can still use those on a local account. So what's the selling point of signing in with a MS Account?

I agree with this. The MS Acct can be saved and used automatically for MS apps without using it for login. Even Edge favourites and settings will sync without using the acct for Windows login. Not to mention it's easier for us techs to setup computers for customers.

Thankfully there are easy workarounds to the forced MS Acct login when setting up Windows 11, but end users won't know about them when they get a new Windows 11 PC out of the box.

 

[britechguy]

Not saying there are no benefits but they certainly aren't so clear or appealing to the general user.

And I find very few "general users" who adamantly refuse to create one.

The prejudice against the Micrsoft Account, and Windows 10 and 11 user accounts linked to same, is far more prevalent in the IT community than the community at large.

When I'm setting up a new machine if the user does not have a Microsoft Account then they get one created, and I do ask if they have one first. There are things related to licensing of Microsoft software where having that information linked to a Microsoft Account saves your bacon, and is easily worth having only for that and that alone.

 

[britechguy]

The MS Acct can be saved and used automatically for MS apps without using it for login.

Why, oh why, would one want to do this?

If you're logging in all of the apps that require it, there is absolutely nothing to be gained, in any way, by not having a Microsoft Account linked Windows user account. You get anything related to the Microsoft ecosystem ready to rock and roll, on demand, without having to log in again (in most cases, there are exceptions).

No one has yet explained what the benefit of a local account is. There are many for the linked user account.

 

[Sky-Knight]

Why, oh why, would one want to do this?

If you're logging in all of the apps that require it, there is absolutely nothing to be gained, in any way, by not having a Microsoft Account linked Windows user account. You get anything related to the Microsoft ecosystem ready to rock and roll, on demand, without having to log in again (in most cases, there are exceptions).

No one has yet explained what the benefit of a local account is. There are many for the linked user account.

Because being locked out of your machine because the Internet is offline isn't acceptable. It works on mobile devices because they'll just fall back to the cellular network, but I really don't want to have to shove cellular backup links into every single client network and home network just because Microsoft's MFA tokens cannot be generated thanks to winlogon.exe being unable to use the Internet!

Local accounts are exactly that, and the machine and its ability to be used are all self contained. This desktop does a TON of work that requires no network connection at all, and I'd like to keep it that way. And we haven't gotten into the business M365 conflicts...

So for me... I'll have a MS account on my box to keep the bitlocker key safe, then make a 2nd login that isn't integrated for my day to day use. Why? Because the local account will be linked to my M365 account, onedrive neatly separate, and the local password being accessible to me at all times regardless of connectivity. I don't have to worry about my personal onedrive, and my business onedrive mixing... I don't have to wait for a push notification to my phone when I need to troubleshoot something.

All of my equipment needs to function as break the glass equipment! It's part of the job! That's why anyone working in IT should be a hesitant at best, because you have to plan for these sorts of things. Having a problem happen, and because of that problem all your diagnostic equipment to fix said problem is now broken? That's not going to fly well with anyone.

 

[fincoder]

If you're logging in all of the apps that require it, there is absolutely nothing to be gained, in any way, by not having a Microsoft Account linked Windows user account.

My point was it actually is 'linked' to the local Windows account. Once specified for an app, it offers to use it for other MS apps as needed and it supplies the password. It's pretty much the same as using the MS account for login.

You get anything related to the Microsoft ecosystem ready to rock and roll, on demand, without having to log in again

Yes same when using a local account for login and having the MS account linked to it.

No one has yet explained what the benefit of a local account is.

Firstly there's minimal benefit of MS account login (except maybe to MS, which is why they push it so hard). Maybe there's a security benefit but I haven't heard a clear explanation why.

Some benefits of local account:
Password can be whatever you like (including none at all) so is less likely to be forgotten.
Lockout of online account doesn't prevent PC login.
Easier for techs to setup for customers.

 

[britechguy]

Because being locked out of your machine because the Internet is offline isn't acceptable.

And that doesn't happen. Period. End of sentence.

You can log in to Windows 10 with no internet connection when you have a Microsoft Account linked Windows 10 user account. Microsoft would never have been so insane as to create a PC that could not be used or logged into if there so happened to be no internet service.

Test it for yourself, as all you need to do is make sure you have no internet connection, log out of a MS-Linked Win10 user account, then log back in. It will work.

A copy of your password is cached on the local device so that you can always log in whether you have internet connectivity or not. And a cute trick you can pull is changing your Microsoft Account password, but still using your existing password under Windows 10. That's because the locally cached version is always checked first, and if it matches, that's enough to log you in. If it doesn't match, the password you entered is checked against your Microsoft Account password on Microsoft's servers and then, if that matches, that one is downloaded and cached locally and you're logged in. Thereafter you cannot use your most immediately previous password under Windows 10, but you can keep using your existing Win10 password until and unless you ever enter one that doesn't match the local one, and that one happens to match the one on Microsoft's servers. If it was a pure fat finger, I'm not sure what happens as I never deliberately tried that. I have tried all else described above, on multiple occasions over time to confirm it still worked this way. The last time was probably about a year ago.

Addendum: Any PIN set up will also work if the device has no internet connection, too.

 

[fincoder]

And that doesn't happen. Period. End of sentence.

What if your computer is online, but the account is locked by Microsoft? E.g. if a photo in OneDrive is deemed unacceptable, or due to a security event. Maybe forcing the computer offline might allow login?

The thing about local account is, none of that could possibly happen. With the online account I'm sure many of the potential issues are mitigated by cached password etc, but why rely on Microsoft's complex mitigations when you can simply use a local account?

 

[britechguy]

The thing about local account is, none of that could possibly happen. With the online account I'm sure many of the potential issues are mitigated by cached password etc, but why rely on Microsoft's complex mitigations when you can simply use a local account?

When I hear of the first instance, even one, of someone being locked out of their Windows 10 user account that's linked to a Microsoft Account, even when the Microsoft Account is locked, then we'll talk.

Windows 10 accounts are meant to work separately, and together with, a Microsoft Account. Microsoft would be in deep, deep legal doo-doo were they to block the owner of a personal computer from using said computer, as that's well outside their baliwick. Whether they can use their Windows 10 user account in conjunction with the Microsoft Account is an entirely separate issue.

 

[nlinecomputers]

@britechguy is correct for personal Microsoft Accounts. For systems linked to Azure Active Directory changing the password WILL lock the machine. Because it’s part of a larger organization that has the right to secure the machine so remote lock is supported.