Windows 11 Tightens Its Grip on Local Accounts

On Windows 11 Pro and Home editions, creating local accounts will become more difficult.

The latest beta (build 26120) provides a preview of this change. Several mechanisms that could be used during the initial setup no longer work. Microsoft justifies this decision by citing the risks to support and security that stem from incomplete configurations*.

The main mechanism targeted is the command start ms-cxh:localonly. It launches Cloud Experience Host, which runs during the initial setup to display certain pop-ups. Adding the localonly option opens the legacy local account creation dialog. There is a variant, start ms-cxh://localonly, usable in the developer console, which can be opened during setup with the Ctrl-Shift-J shortcut. It is also available in the form start ms-cxh://setaddlocalonly.

Microsoft had already closed the door on the ByPassNRO script

The “Cloud Experience Host” method had filled the gap left by the removal, announced at the start of 2025, of another mechanism based on the command prompt (opened with Shift-F10). That mechanism relied on activating a ByPassNRO script that had been intentionally provided.

Domains, Audit mode and Unattend Files

On Windows 11 Pro, the option to “Join a domain” still works, even if there is no such domain.



Another method that still appears to function is Audit Mode, which is part of Sysprep (System Preparation Tool). Activating it (Ctrl-Shift-F3) logs you in as a local administrator. From there, among other things, you can create a local account.



Over the years, other methods have emerged as well. One of them is interrupting the network sign-in flow with taskkill.exe or by opening the Task Manager. Another is to create a local account directly from the command line (net user /add, then net localgroup /add) and then bypass the setup (msoobe.exe && shutdown.exe -r).

Media-creation tools have implemented some of these mechanisms. ByPassNRO is one of them. The answer file (unattend.xml), to be placed at the root of the drive, is another. With these, one moves into a fleet-management approach, which can also lead to the use of tools such as MDT (Microsoft Deployment Toolkit) or WCD (Windows Configuration Designer).
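What an answer file declares about accounts can be checked before it is placed on installation media. The following Python code is an added example, not from the original article or from Microsoft: it parses a constructed unattend.xml and reports the local accounts and the online-account screen setting found in its oobeSystem pass. The sample file, the account name labadmin, the placeholder password and the function name audit_answer_file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample answer file; account name and password are placeholders.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"
               publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
      <OOBE><HideOnlineAccountScreens>true</HideOnlineAccountScreens></OOBE>
      <UserAccounts><LocalAccounts>
        <LocalAccount wcm:action="add">
          <Name>labadmin</Name>
          <Group>Administrators</Group>
          <Password><Value>EXAMPLE-ONLY</Value><PlainText>true</PlainText></Password>
        </LocalAccount>
      </LocalAccounts></UserAccounts>
    </component>
  </settings>
</unattend>"""

def audit_answer_file(xml_text):
    """Report what the oobeSystem pass of an answer file does to account setup."""
    root = ET.fromstring(xml_text)
    report = {"online_screens_hidden": False, "local_accounts": []}
    for comp in root.findall("u:settings[@pass='oobeSystem']/u:component", NS):
        if comp.get("name") != "Microsoft-Windows-Shell-Setup":
            continue
        hide = comp.findtext("u:OOBE/u:HideOnlineAccountScreens", "", NS)
        report["online_screens_hidden"] |= hide.strip().lower() == "true"
        for acct in comp.findall("u:UserAccounts/u:LocalAccounts/u:LocalAccount", NS):
            plain = acct.findtext("u:Password/u:PlainText", "", NS).strip().lower()
            # The Group element may hold several names separated by semicolons.
            groups = [g.strip() for g in acct.findtext("u:Group", "", NS).split(";")]
            report["local_accounts"].append({
                "name": acct.findtext("u:Name", "", NS).strip(),
                "groups": [g for g in groups if g],
                "has_password": acct.find("u:Password/u:Value", NS) is not None,
                # PlainText=false is only Base64 encoding, not encryption.
                "password_plaintext": plain == "true",
            })
    return report

if __name__ == "__main__":
    print(audit_answer_file(SAMPLE))
```

Any account reported with has_password set means the answer file itself holds a recoverable credential and should be handled and disposed of accordingly.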



As a counterweight to this tightening, Microsoft includes, in the initial setup experience, a command-line tool that allows you to customize the name of the user folder.

* For example, the absence of automatic backup of the system drive encryption key to OneDrive… and thus the lack of automatic activation of this encryption. Microsoft also mentions the Windows Hello recovery procedure.

Dawn Liphardt
