Setting up a new computer or a virtual machine should be an exciting experience, but modern versions of Windows 11 have made it increasingly difficult to maintain privacy right out of the box. Microsoft effectively forces users to sign in with an online account during the initial setup, which many people, including privacy enthusiasts, find intrusive. In this lesson, we will explore the technical methods to bypass this restriction. We will move from the simplest commands to more advanced manual configurations, ensuring that no matter which version or build of Windows 11 you are running, you can successfully create a local user account.
When you first boot up Windows 11, you are greeted by the “Out of Box Experience,” technically known as OOBE. This is the series of screens where you select your region and keyboard layout. To begin our modification, we need to interrupt this process and open a command interface. On most desktop computers, you simply press the Shift and F10 keys on your keyboard simultaneously. However, if you are using a laptop, the function keys might be locked behind a modifier, so you will likely need to press the Function key (Fn) plus Shift plus F10. This action opens the Administrator Command Prompt, which is a black window allowing us to issue direct instructions to the operating system. It is important to click on this black window to ensure your typing is registered there and not on the setup screen behind it.
The most reliable method for current stable versions of Windows involves a built-in script hidden within the system folders. Before you execute this, you must ensure that your computer is physically disconnected from the internet. If you are on Wi-Fi, do not connect to a network yet. If you have an Ethernet cable plugged in, please unplug it. If you cannot unplug the internet physically, you can disable the network card via software. Inside the command prompt, type ncpa.cpl and press Enter to open your network connections. Right-click your network adapter and select Disable. Once the internet is cut off, return to the command prompt and type the following command to run the bypass script.
oobe\bypassnro
This command triggers a script that modifies the Windows registry and immediately restarts your computer. When the computer boots back up and returns to the network connection screen, you will see a new option that says “I don’t have internet.” You must click this option, and then select “Continue with limited setup.” This allows you to create a username and password that exists only on your computer, without sending data to Microsoft.
However, technology changes rapidly, and in newer “Insider Preview” builds of Windows 11, such as the Canary or Dev channels, Microsoft sometimes removes that specific script. If the previous command returns an error, we must use a different approach. Another command that works on specific builds attempts to launch the local account creation tool directly. In your command prompt window, type the command carefully.
start ms-cxh-localonly
If your specific build supports this, the screen will momentarily flash and then take you directly to the username creation page. If the computer simply reboots and returns to the start without changes, it means this method is patched, and we must proceed to a manual registry edit. This is a more advanced technique where we manually do what the automated script used to do.
To perform the manual registry edit, type regedit in your command prompt and press Enter. This opens the Registry Editor. You need to navigate through the folder tree on the left side. Go to HKEY_LOCAL_MACHINE, then expand Software, then Microsoft, then Windows, then CurrentVersion, and finally click on the OOBE folder. You are looking for the OOBE key, not just expanding it. Once you have clicked on OOBE, look at the right side of the window. Right-click in the empty white space, select New, and then choose DWORD (32-bit) Value. You must name this value exactly BypassNRO with the correct capitalization. Once created, double-click on BypassNRO and change the “Value data” from 0 to 1. Click OK to save it. Now, close the Registry Editor and type the shutdown command to restart your machine immediately.
shutdown /r /t 0
There is also a very distinct method that involves the Developer Console, which is useful if the command prompt is restricted or behaving strangely. Instead of opening the command prompt, you can press Control plus Shift plus J on your keyboard. This opens a different coding environment. In this console, you can type a JavaScript command that forces the local account flow. This is essentially telling the Windows setup application to switch its behavior to a local-only mode. You would type winjs.application.restart(“ms-cxh-localonly”) into the console. This is a highly specific workaround found by the community and works surprisingly well on builds where standard commands fail.
Finally, if you find yourself on a version where the OOBE interface is completely broken or locked down, you can create the user manually before Windows even finishes installing. Open your Administrator Command Prompt with Shift plus F10. You will use the net user command. First, add your desired username to the system database. For example, if your name is David, you would type the command to add David.
net user David /add
After adding the user, you must ensure this user has the authority to install software and manage the computer. To do this, you add the user to the local administrators group. You type the command net localgroup administrators David /add. Following this, you can execute commands to disable the default administrator account and delete the temporary defaultuser0 account that Windows uses during setup. This method is the “nuclear option” because it completely circumvents the standard user creation wizard.
By understanding these different layers of the operating system, you have taken control of your computer’s initial configuration. Whether you used the simple bypass script, the registry edit, or the manual user creation, you now have a Windows 11 installation with a private, offline account. Remember, once you have successfully reached your desktop, you must re-enable your network adapters using ncpa.cpl or the Device Manager so that you can browse the web and download necessary drivers. Always stay curious and question the default settings presented to you.