Bypass microsoft account with new pc install

 

During the initial setup of a new Windows 11 PC, you can bypass the Microsoft account requirement by disconnecting from the internet and utilizing a specific command in the Command Prompt. This enables you to establish a local, offline account instead.

Method 1: Utilize the “start ms-cxh:localonly” Command

This method is the most straightforward for current versions of Windows 11 and does not necessitate a system restart.

Upon reaching the “Let’s connect you to a network” screen, press Shift + F10 on your keyboard. For certain laptops, you may need to press Shift + Fn + F10.

A Command Prompt window will be opened. Type the following command precisely as displayed: start ms-cxh:localonly.

Press Enter.

The Microsoft account sign-in window will be replaced with a screen that prompts, “Who’s going to use this device?”.

Enter a name for your local account, click Next, and complete the remaining installation process as you would normally.

Method 2: Bypass with “OOBE\BYPASSNRO”

If the first method does not function on your specific build, you can employ the “BYPASSNRO” command.

At the “Let’s connect you to a network” screen, press Shift + F10 (or Shift + Fn + F10) to initiate the Command Prompt.

Type “OOBE\BYPASSNRO” and press Enter.

The computer will automatically restart.

Following the reboot, you will be returned to the network screen, but a novel option for “I don’t have internet” will be presented.

Select “I don’t have internet,” then choose “Continue with limited setup” on the subsequent screen to establish a local account.

Method 3: Utilize a “Banned” Email Address

This workaround exploits Microsoft’s systems that restrict frequently used fake email addresses.

Upon reaching the Microsoft account sign-in page, enter “no@thankyou.com” as the email address.

Enter any text for the password and click “Sign In.”

An error message will appear, indicating that “Oops, something went wrong.”

Clicking “Next” will redirect you to the screen for creating a local account.

Method 4: Installation via Bootable USB Drive with Rufus

For a fresh Windows 11 installation, utilize the free third-party tool Rufus to create your installation media and automate the local account setup.

Download the Windows 11 ISO file and the latest version of Rufus.

Utilize Rufus to create a bootable USB drive.

During the Rufus setup, activate the option to “Remove requirement for an online Microsoft account.”

Boot your new PC from the USB drive to install Windows 11 with the bypass already configured. 

How To Clear The SSSD Cache In Linux

The System Security Services Daemon (SSSD) provides access to identity and authentication providers. Basically rather than relying on locally configured authentication, SSSD is used to lookup its local cache. The entries within this cache may come from different remote identity providers, such as an LDAP directory, FreeIPA, or Active Directory for example.

SSSD caches the results of users and credentials from these remote locations so that if the identity provider goes offline, the user credentials are still available and users can still login. This helps to improve performance and facilitates scalability with a single user that can login over many systems, rather than using local accounts everywhere.

The cached results can potentially be problematic if the stored records become stale and are no longer in sync with the identity provider, so it is important to know how to flush the SSSD cache to fix various problems and update the cache.

Here we’ll cover a couple of different methods to flush out the SSSD cache.

The sss_cache Tool

The cache can be cleared with the sss_cache utility which is used for performing cache cleanup by invalidating records in the SSSD cache. Invalidated records must be reloaded fresh from the identity provider server where the information actually resides, such as FreeIPA or Active Directory for example.

The -E flag can be used to invalidate all cached entries, with the exception of sudo rules.

sss_cache -E

Alternatively we can also simply invalidate a specific user only from the cache with the -u flag, followed by the account username.

sss_cache -u user1

For further information, see the sss_cache manual page.

Deleting Cache Files

SSSD stores its cache files in the /var/lib/sss/db/ directory.

While using the sss_cache command is preferable, it is also possible to clear the cache by simply deleting the corresponding cache files.

Before doing this it is suggested that the SSSD service be stopped.

systemctl stop sssd

After this we want to delete all files within the /var/lib/sss/db/ directory.

rm -rf /var/lib/sss/db/*

Once complete we can start SSSD back up again.

systemctl restart sssd

SSSD should now start up correctly with an empty cache, any user login will now first go directly to the defined identity provider for authentication, and then be cached locally afterwards.

It’s recommend to only clear the cache if the identity provider servers performing the authentication within the domain are available, otherwise users will not be able to log in once the cache has been flushed.

Conclusion

The SSSD cache can easily be removed by simply deleting the files where cached records are stored, or it can be done more cleanly with the sss_cache tool which will invalidate specified records from the cache.