How to switch to a local account in Windows 10?
brucine Posted messages 24375 Registration date Status Membre Last intervention -
Hello,
As part of my resignation, I bought the computer I was using from my company. It’s a small structure (fewer than 5 people) and we don't have an IT department (I am the admin of my PC).
The connection to Windows is made with my professional Windows account, which will be deactivated. I would like to continue logging in while keeping my files and especially my applications because some took a long time to set up, and others are old and difficult (if not potentially impossible) to reinstall. The solution I’m considering is to replace the connection with my professional Windows account with a local account. Normally I should have a "Sign in with a local account" link in Manage your account/Your info according to various tutorials I've seen online. I checked with a former colleague who does have this link. I tried to workaround the issue by creating a local account, administrator in Manage your account/Other users. The account is created, but when I restart the computer, it does not appear at the login screen.
I should mention that I am using version 10.0.19045 of Windows 10 Professional.
Could you help me solve this problem? Are there any alternative routes to creating a local account?
Thank you in advance.
4 réponses
Hello,
Is there not on this computer a local security strategy that should be disabled and that prohibits it?
In local strategies / user rights assignment:
- I removed the user "Guest" from "Deny log on locally" and "Deny access to this computer from the network" => there is no longer a blacklisted profile
- I checked the "Allow log on locally" setting. It includes Admin, Guest, User, and Backup Operator. My new local account is not listed, but I believe it pertains to groups, and my local account has admin status, so that should be fine
In Local Policies / Security Options:
- I set the "Administrator account status" parameter to "enabled," which according to the explanations allows for a local administrator account (hoping a lot for the modification of this parameter)
- The same parameter for the Guest account was already enabled. So no changes.
In Computer Management, my local account is well listed among the users.
And yet it still doesn't work!!!
When I start the computer, I only have 2 accounts (my created local account is not there):
- the MS account
- the "Other user" account
With the "Other user" account, and the option to log in with the "PIN," there is indeed a "username" field (instead of an email address field) and a "PIN" field. When I validate, having double-checked the entry, I get a message saying "incorrect PIN." And if I click "forgot password" and answer the questions, the reset of the new password fails (meaning I get another "incorrect PIN" message with this new password)!
The first parameter is not relevant, it only concerns guest accounts.
Where does this "other user" come from?
Are the different users listed in netplwiz (with the option to enter a password or not)?
It may also be that the machine is part of a domain, which is one I don't know well, and in which case only the domain administrator (the former employer) has control over it.
See here for details, including listing the different accounts that are activated or not; obviously we want the opposite (to activate), but you can just try the opposite:
https://poweradm.com/disable-local-windows-accounts-gpo/
There are various tricks to circumvent the problem, for example forcing the activation of the hidden administrator account to use it to create the administrator account, but as the manipulation you describe and unlike a simple conversion, they will fail to "replicate" the programs as they are not installed for all users.
Hello Brucine,
Thanks for the response. I've tried several things but I'm still stuck! The local account does not appear when I reconnect even though it is active and added to the Administrators group, the local administrator account setting is enabled, and everything regarding the computer logins is set to "not configured." So apparently, there are no restrictions!
When I enabled the local admin account, there were explanations about the necessity to reset the password. But since I don't have access to the local admin account at the computer's restart, I can't take action.
"Accounts: Administrator account status
This security setting determines whether the local Administrator account is enabled or disabled.
Notes
If you try to reactivate the Administrator account after it has been disabled, and if the current Administrator password does not meet password requirements, you cannot reactivate the account. In this case, another member of the Administrators group must reset the password on the Administrator account. For more information on resetting a password, see the article Resetting a password.
Disabling the Administrator account can, in some cases, create a maintenance issue.
In safe mode, the disabled Administrator account will only be activated if the computer does not belong to the domain and if there are no other active local Administrator accounts. If the computer belongs to the domain, the disabled administrator will not be activated.
Default value: Disabled."
I don't see what else I can do regarding the computer's settings!!! The point that intrigues me the most is that the local admin account does not show up at login even though it is created in "Other users" and when looking at the list with Get-LocalUser or with netplwiz. Could the block come from restrictions imposed by the company? If so, what should I do/look at?
This is a small business. Our professional accounts are linked to the company on AzureAD. My former partner, who normally has the same rights as I do, has an option "sign in using a local account" under their name in the "Your info" interface. As for me, I don't have this option. I have to go into "Other users" to create a local admin account. What could be causing this difference?
Another potential difficulty. In "Other users," I have 2 categories.
"Work or school users" in which I have my Microsoft AzureAD admin account. But when I click on it, the 2 options "change account type" and "remove" are not accessible.
"Other users" where I have my local admin account, and with both options accessible.
I was thinking of deleting the Microsoft admin account (which will anyway be disabled soon) and keeping only the local account. But apparently, I don't have permission to do that.
Thanks in advance for any further advice.... ????
I indeed believe, as I mentioned earlier, that the restrictions can only result from the fact that the account is linked to a domain under these conditions.
This is an area where I have no expertise, but I assume that the Microsoft account must be detached from this domain by its administrator after, of course, backing up any shared remote resources locally if applicable.