
This is also currently the only way to bypass the need for an MS account when setting up a new PC.



And MS accounts make zero sense to anyone who has a private NAS or needs to interact with anything non-Windows with Kerberos.


It's worse than that. The account it creates is somehow "special". I have not yet figured out a way to connect to a computer with an MS account via RDP (yes, RDP is on and allowed through the firewall, the user is a local admin (the default)). Ditto for accessing that PC's shares.


FWIW, I just did this two days ago with a Win11 machine that I set up solely for remote access.

Created an MS account (because I want this machine to be as normal-user as possible), set up a PIN. Signed in with a PIN to the desktop, run 'Remote desktop settings' and flip the 'Remote Desktop' toggle to on and affirm the prompt that asks if you really want to do this.

After that no issue RDPing to the machine by IP or hostname from another machine on the same LAN. Username and password is the same as the MS account I first signed in with.

(For reference, Windows 11 22H2 running on an HP Prodesk 600 G5, RDPing from macOS using Microsoft Remote Desktop 10.7.10 installed via App Store.)


You have to delete the PIN it forced you to create during OOBE. This forces the system to apply your MSA's password to the actual account. Without this step, the account has no password. You can still recreate the PIN afterwards and it won't delete the password.


Lmfao, how does a company with the resources of Microsoft be so bad at writing an OS. Mind blowing.


PIN is only used for local logins because it's part of Windows Hello, meaning it literally is the PIN to unlock the password credentials where they are stored in the TPM.


You use the username MicrosoftAccount\email@address.com and the user password.


You can also try to join a domain, enter bad credentials, wait for the error to show up, and then select a local account I believe. That may not be available in the home edition of Windows 11, though.


IIRC you don't need bad credentials. It just offers to create a local account, without even asking to connect to the domain.

But yeah, I'm pretty sure the domain join is only an option on the pro and enterprise editions.

I've also found out that the domain join is only offered if it can contact the internet. I installed this on a brand-new laptop the other day, and it didn't detect the wifi card and it had no wired network. It absolutely refused to go past the "let me connect to the internet" phase until I went through the "hidden terminal" dance.


The "domain join" is misleading. It does not really join the domain, it just creates a local account. Joining the domain has to be done manually after installation. (Otherwise, network connection is a logical requirement for domain join, you need to contact DC after all.)

This is in stark contrast with current Linux desktop distributions, which do allow domain join straight from their OOBE.


I'm not sure you can even do that anymore with the last edition. But bypassnro is still there.


Nope - see my previous answer in this thread ;-)


That works on Win10, but not Win11, afaik.


Have not yet played with Win11, I must try that one day and find out…


It didn't work on my new laptop.



