Let’s take a look at a little trick to log in to Windows with a local user account instead of a domain account. By default, when the user enters a username on the Welcome Screen of a domain-joined machine, and there is also a local account with the same name, the domain account will take precedence. We keep coming across people who don’t know this little trick, so we thought it would be worthwhile sharing.
Logging Into Local Accounts on Windows
After the computer is joined to the Active Directory domain, you can sign in under the domain or local user account. On the login screen in Windows XP and Windows Server 2003, there is a drop-down list “Log on to”. Here you can choose whether you want to log in under the domain account or using a local user (select “this computer”).
However, in newer versions of Windows, this drop-down menu no longer exists. Instead, the user sees a small button, How to log on to another domain, on the Welcome Screen of domain-joined computers. If you click this button, the following tip will appear:
Type domain name\domain user name to sign in to another domain.
Type NY-FS01\local user name to sign in to this PC only (not a domain)
As you can see, the message contains the name of your computer/server (NY-FS01 in our case). If you want to log in with a local account (for example, Administrator), type NY-FS01\Administrator in the User name field and enter the password. Of course, if your computer name is quite long, the input can be a real challenge!
Fortunately, there is a simple trick that allows you to log in under a local account.
Log In to Windows with a Local Account without Typing the Computer Name
Windows uses the dot as the alias symbol for the local computer:
- In the username field simply enter .\. The domain below will disappear, and switch to your local computer name without typing it;
- Then specify your local username after the .\. It will use the local account with that username.
You can also type the computer name followed by a backslash and the username, and it will do the same thing.
This way you can log on to a local account on a domain-joined computer on all Windows versions. This applies to versions from Windows Vista to Windows 10/Windows Server 2016.
Tip. You can use the same trick when you need to use local user credentials to access a shared folder over the network (using the SMB protocol).
Types of User Accounts in Windows 10
In Windows 10, you can use three types of accounts to sign in to the device:
- Local account — these accounts are stored in the local Windows security account database (Security Account Manager, SAM);
- Domain user — accounts are stored on the Active Directory domain controllers;
- Microsoft account — the account is stored in the Microsoft cloud. Its advantage is that you can use it on any computer, and the basic user settings with a Microsoft account will be the same on any Windows 10 computer. For the Microsoft account, as well as for local users, a separate profile is created in the C:\Users directory (%UserProfile%). Any local account can be linked to a Microsoft account.
Hint. Can you sign in with a Microsoft account without an Internet connection? Of course! You only need to be connected to the Internet when you create a Microsoft account or switch to a local account. After the first login, the credentials of that account are cached locally, and subsequent logins don’t require an Internet connection.
The default local Windows account name is Administrator. In modern versions of Windows, this account is disabled by default. Instead, when you first log in to Windows, you are prompted to create a new account. This account is automatically added to the built-in Administrators group.
If you do not know the names of local accounts on your computer, or you cannot log in under the built-in administrator (this account name can be renamed manually or via domain Group Policies), you can display a list of all local Windows accounts from the command line:
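One way to do this in PowerShell, as an added example that is not part of the original article: it lists every local account with the `Get-LocalUser` cmdlet and marks the built-in Administrator and Guest by their well-known RIDs (500 and 501), so a renamed administrator account is still recognisable. The function name `Get-LocalAccountReport` and the output column names are assumptions chosen for this example.

```powershell
# Added example: enumerate local SAM accounts and identify built-in accounts
# by RID, which does not change when the account is renamed.
# Needs the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016+).

function Get-LocalAccountReport {
    Get-LocalUser | ForEach-Object {
        # The last component of the SID is the relative identifier (RID).
        $rid = [uint32]($_.SID.Value -split '-')[-1]
        [pscustomobject]@{
            # ".\name" is the form to type on the Welcome Screen.
            LogonName = ".\$($_.Name)"
            Enabled   = $_.Enabled
            BuiltIn   = switch ($rid) {
                            500     { 'Administrator (RID 500)' }
                            501     { 'Guest (RID 501)' }
                            default { '' }
                        }
            # Local or MicrosoftAccount, matching the account types described above.
            Source    = $_.PrincipalSource
            LastLogon = $_.LastLogon
            SID       = $_.SID.Value
        }
    }
}

$report = Get-LocalAccountReport
$report | Sort-Object SID | Format-Table -AutoSize

# Review points: an enabled RID 500 account, and enabled accounts that have
# never been used to sign in (LastLogon is empty).
$report |
    Where-Object { $_.Enabled -and ($_.BuiltIn -like 'Administrator*' -or -not $_.LastLogon) } |
    Select-Object LogonName, BuiltIn, LastLogon
```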
How to Log In to Windows 10 under a Local Account Instead of a Microsoft Account?
In the latest Windows 10 builds, Microsoft recommends using Microsoft accounts instead of local Windows accounts. On Windows 10 1909 you can’t even create a local account when installing Windows if you have an Internet connection available. If you do not want to use the Microsoft account on Windows 10, you can switch to a traditional local Windows account.
- Open the menu Settings > Accounts > Your info;
- Click on the button Sign in with a local account instead;
- Enter your current Microsoft account password;
- Specify a username, password, and a password hint for your new local Windows account;
- Press the Sign out and finish button;
- Now you can log in to Windows 10 under a local account. Your Windows 10 account will disconnect from your Microsoft account.
Once you have completed these steps, your Windows 10 account will be disconnected from your Microsoft account. It will switch to the traditional local account style.
Show All Local Accounts on Welcome Screen in Windows 10
On Windows 10 and Windows Server 2016/2019, you can list all enabled local user accounts on the Logon Screen. To show all local users on the Windows 10 Welcome Screen:
- Open the local group policy editor – gpedit.msc;
- Expand the following GPO section: Computer Configuration > Administrative Templates > System > Logon;
- Enable the policy “Enumerate local users on domain-joined computers”;
- Update the local policy settings on your computer using the gpupdate command;
- Log off, press Ctrl+Alt+Delete on your Windows 10 Welcome Screen, and check the local account list.
As a result, you do not need to type the user name manually, but simply select it from the local account list.
How to Allow or Prevent Users from Signing In Locally on Windows 10?
By default, users in the local groups Users, Guests, Backup Operators, and Administrators can sign in locally to Windows 10. However, an administrator can use local or domain Group Policy to restrict local sign-in to Windows.
If, when logging in with a local account, you are getting the error “The sign in method you’re trying to use isn’t allowed. For more info, contact your network administrator”, this means that this user or group is not allowed to log on locally.
If you have administrator rights on your computer, you can allow specific users or groups to log on to Windows locally.
- Run the local Group Policy Editor: Win+R > gpedit.msc;
- Browse the following GPO section: Computer Configuration > Windows Settings > Local Policies > User Rights Assignment;
- Find the policy Allow log on locally and open its properties;
- Click the Add User or Group button and add the local accounts/groups that you want to allow to sign in to Windows locally;
- Also, make sure there are no local accounts in the Deny log on locally policy. This policy takes precedence over the Allow log on locally settings.
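To review both policies without opening the editor, the following added example (not part of the original article) exports the user rights with `secedit` and reads the two entries behind them, `SeInteractiveLogonRight` (Allow log on locally) and `SeDenyInteractiveLogonRight` (Deny log on locally). The function names `Resolve-Principal` and `Get-LocalLogonRight` and the temporary file name are assumptions made for this example.

```powershell
# Added example: read the "Allow log on locally" and "Deny log on locally"
# assignments. Run from an elevated prompt; secedit needs administrator rights.

function Resolve-Principal {
    param([string]$Entry)
    # secedit writes SIDs as "*S-1-5-32-544"; anything else is already a name.
    if (-not $Entry.StartsWith('*S-')) { return $Entry }
    $sid = $Entry.TrimStart('*')
    try {
        ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $sid }   # orphaned SID with no matching account
}

function Get-LocalLogonRight {
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }
    try {
        $rights = @{ SeInteractiveLogonRight = @(); SeDenyInteractiveLogonRight = @() }
        foreach ($line in Get-Content -Path $cfg) {
            if ($line -match '^\s*(Se(?:Deny)?InteractiveLogonRight)\s*=\s*(.*)$') {
                $name = $Matches[1]
                $rights[$name] = @($Matches[2] -split ',' |
                    ForEach-Object { $_.Trim() } | Where-Object { $_ } |
                    ForEach-Object { Resolve-Principal $_ })
            }
        }
        [pscustomobject]@{
            Allow = $rights.SeInteractiveLogonRight
            Deny  = $rights.SeDenyInteractiveLogonRight
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$r = Get-LocalLogonRight
"Allow log on locally: $($r.Allow -join ', ')"
"Deny log on locally : $($r.Deny -join ', ')"

# Deny wins: a principal listed in both policies cannot sign in locally.
# Membership in a denied group has the same effect and is not expanded here.
$r.Allow | Where-Object { $r.Deny -contains $_ } |
    ForEach-Object { Write-Warning "$_ is allowed but also denied; Deny takes precedence" }
```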
Hint. Please note that you won’t be able to log in with your local Windows account to a domain controller. After promoting the member-server to DC, the local SAM database becomes unavailable. The only local account on the Active Directory domain controller is the DSRM Administrator.