Let’s look at how to log in with a local account or local admin account instead of a domain account on Windows. By default, when the user enters a username on the Welcome Screen of a domain-joined computer and has a local account with the same name, the domain account will take precedence. We keep coming across people who don’t know this little trick, so we thought sharing would be worthwhile.
Logging in to a local account on a domain computer
After the computer is joined to the Active Directory domain, you can sign in under a domain or a local user account. On the Welcome Screen of a domain-joined computer, there is a small button: How to log on to another domain. If you click this button, the following tip will appear:
Type domain name\domain user name to sign in to another domain.
Type NY-FS01\local user name to sign in to this PC only (not a domain)
As you can see, the message contains the name of your computer/server (NY-FS01 in our case). If you want to login to your local account (for example, Administrator) or other user, type in NY-FS01\Administrator in the User name box and type the password. Of course, if your computer name is quite long, the input can be a real challenge!
Fortunately, a simple trick allows you to sign in to a local account.
Why login with a local account?
Logging into your Windows computer with a local account or local administrator is a great way to carry out admin-based local operations. For example, if you have a computer that has a busted Windows Domain join, you will need to login locally to gain access to the desktop with local account info, so you can resolve the domain join issue.
How to login local account without typing the computer name?
Windows uses the dot as the alias symbol for the local computer:
- In the username field, enter .\ and the domain name shown below the field will switch to your local computer name, without you typing it or using a switch user button;
- Then specify your local username after the .\ on the normal login screen. It will use the local account with that username.
You can also type the computer name followed by a backslash and the username, which will do the same thing.
This way, you can log in to the local account on a domain-joined computer on all Windows versions.
Domain controllers and local logon
Please note that you won’t be able to log in with your local Windows account to a domain controller. After promoting the member-server to DC (using dcpromo command), the local SAM database becomes unavailable. The only local account on the Active Directory domain controller is the DSRM Administrator.
After rebooting the domain controller into Directory Services Restore Mode (DSRM), you can only log in with this local account. The domain controller will note that it is running in “Safe Mode.”
Tip. You can use the same trick when you need to use the local user credential to access the shared folder over the network (using SMB protocol).
Show all local users on sign-in screen in Windows
You can also make it easier for your users to log in to local accounts on a domain computer by displaying a list of enabled local users on the Windows sign-in screen. You can enable this feature via Group Policy.
To enumerate all local users on the Windows Logon Screen:
- Open the Local Group policy editor – gpedit.msc;
- Expand the following GPO section: Computer Configuration > Administrative Templates > System > Logon;
- Enable the policy “Enumerate local users on domain-joined computers”;
- Update local policy settings on your computer using the gpupdate command;
- Log off, press Ctrl+Alt+Delete on your Windows Welcome Screen, and check the local account list.
As a result, you don’t need to type the user name manually but select it from the local accounts list and enter its password.
This will work on all supported versions, including Windows 10/11 and Windows Server 2016/2019/2022.
If your account is not a member of the Administrators, Backup Operators, or Users local security group, you will receive an error when you try to log in with a local account:
The sign-in method you’re trying to use isn’t allowed. For more info, contact your network administrator
This means that this user or group cannot log on locally. You can configure the list of users and/or groups allowed to log on locally using the allow log on locally GPO option.
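An audit of what this section configures, as an added example that is not from the original article: it reports whether the sign-in screen lists local users and which enabled local accounts sit in the groups that can log on by default. It assumes English built-in group names and the LocalAccounts module of Windows PowerShell 5.1; the logon columns reflect default group membership only, not a customized Allow log on locally setting.

```powershell
# Added example (not from the article). Assumes English built-in group names
# and the LocalAccounts module that ships with Windows PowerShell 5.1.

# "Enumerate local users on domain-joined computers" is stored as this policy value.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$policy = Get-ItemProperty -Path $policyKey -Name EnumerateLocalUsers -ErrorAction SilentlyContinue
$listedOnSignIn = ($null -ne $policy -and $policy.EnumerateLocalUsers -eq 1)

# Groups that can log on locally by default, and groups that can log on over RDP.
$localLogonGroups = 'Administrators', 'Backup Operators', 'Users'
$rdpGroups        = 'Administrators', 'Remote Desktop Users'

# Map each local user name to the audited groups it is a direct member of.
$memberOf = @{}
foreach ($group in ($localLogonGroups + $rdpGroups | Select-Object -Unique)) {
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object {
            $name = ($_.Name -split '\\')[-1]   # strip the COMPUTER\ prefix
            if (-not $memberOf.ContainsKey($name)) { $memberOf[$name] = @() }
            $memberOf[$name] += $group
        }
}

# One row per enabled local account, with its exposure on this machine.
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    $groups = if ($memberOf.ContainsKey($_.Name)) { $memberOf[$_.Name] } else { @() }
    [pscustomobject]@{
        Account           = "$env:COMPUTERNAME\$($_.Name)"
        ListedOnSignIn    = $listedOnSignIn
        LocalLogonDefault = [bool]($groups | Where-Object { $localLogonGroups -contains $_ })
        RdpLogonDefault   = [bool]($groups | Where-Object { $rdpGroups -contains $_ })
        Groups            = $groups -join ', '
        PasswordLastSet   = $_.PasswordLastSet
    }
} | Format-Table -AutoSize
```

Enabled accounts with an old PasswordLastSet that are also listed on the sign-in screen are the first ones to review, since the policy discloses their names to anyone at the console.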
Switch from a Microsoft account to a local account in Windows 10/11
In the latest builds of Windows 10 and 11 (21H2, 22H1, 22H2), you cannot create a local account when installing Windows. Microsoft recommends using Microsoft accounts instead of local Windows accounts. For Windows Setup to prompt you to create a local account, you must disable your Internet connection (Wi-Fi or Ethernet) when you install Windows.
In Windows, you can use three types of accounts to sign in to the device:
- Local account — these accounts are stored in the local Windows security account database (Security Account Manager, SAM). You can list local users on a computer with the command:
- Domain user — accounts are stored on the Active Directory domain controllers;
- Microsoft account — the account is stored in the Microsoft cloud. Its advantage is that you can use it on any computer, and the basic user settings with a Microsoft account will be the same on any Windows computer. For the Microsoft account and local users, a separate profile is created in the C:\Users directory (%UserProfile%). Any local account can be linked to a Microsoft account.
Hint. Can you sign in with a Microsoft account without an Internet connection? Of course! You just need to stay connected to the Internet when creating a Microsoft account or switching to a local account. After the first login, the credentials of that account are cached locally, and subsequent logins don’t require an Internet connection.
If you do not want to use the Microsoft account on Windows, you can switch to a traditional local Windows account.
- Open the menu Settings > Accounts > Your info;
- Click on the button Sign in with a local account instead;
- Enter your current Microsoft account password or PIN;
- Specify a username, password, and a password hint for your new local Windows account;
- Press the Sign out and finish button;
- Now you can sign in to local account on this Windows computer.
Once you complete these steps, your Windows account will be disconnected from your Microsoft account.
How to login Windows via Remote Desktop (RDP) with a local account?
The above trick for logging into a domain-joined Windows device under a local account using the .\Administrator account format does not work if you are logging into a remote computer over RDP.
When you specify .\administrator in the Remote Desktop Connection client window (mstsc.exe), your RDP client resolves that to <your_current_computername>\Administrator, and not to <remote_server_name>\Administrator.
Accordingly, you will not be able to RDP into a remote computer if the passwords of the local and remote users are different.
To connect to a remote domain computer via RDP with a local Windows account, you can use one of the following formats for specifying the username:
- Specify the hostname of the remote computer, eg:
- Specify the IP address of the remote computer:
- Use shorthand local instead of remote machine name:
In these cases, the RDP client will understand that it needs to use the local Windows user on the remote computer to authenticate.
For a local user to be able to connect to a domain computer via RDP, he must be a member of the Remote Desktop Users group or added to the local policy Allow Log on through Remote Desktop Services in the following section of the GPO editor (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights).
Otherwise, you will see an error:
To sign in remotely you need the right to sign in through Remote Desktop Services. By default, members of the Administrators group have this right, or if the right has been removed from the Administrators group, you need to be granted this right manually.
By default, RDP login is allowed only for members of the local Administrators group.
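To see where local accounts are actually being used on a domain-joined machine (console, RDP, or SMB), the following added example, not part of the original article, picks out Security event 4624 records whose account domain is the computer's own name. The sample events are constructed; NY-FS01 is the article's host name, while CORP, jsmith, svc_backup and the IP addresses are made-up values.

```powershell
# Added example (not from the article); the events below are constructed samples.
function Get-LocalAccountLogon {
    param(
        [Parameter(Mandatory)][string[]]$EventXml,     # event 4624 records as XML
        [Parameter(Mandatory)][string]$ComputerName    # name of the audited host
    )
    $typeNames = @{ '2' = 'Interactive (console)'; '3' = 'Network (SMB share, RDP with NLA)'
                    '10' = 'RemoteInteractive (RDP)' }
    foreach ($xml in $EventXml) {
        $evt  = ([xml]$xml).Event
        $data = @{}
        foreach ($node in $evt.EventData.Data) {
            $data[$node.GetAttribute('Name')] = $node.InnerText
        }
        # A local (SAM) account logs on with the computer's own name as its domain.
        if ($data['TargetDomainName'] -ne $ComputerName) { continue }
        if (-not $typeNames.ContainsKey($data['LogonType'])) { continue }
        [pscustomobject]@{
            Time      = $evt.System.TimeCreated.GetAttribute('SystemTime')
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $typeNames[$data['LogonType']]
            Source    = $data['IpAddress']
        }
    }
}

# Constructed sample events, reduced to the fields the function reads.
$template = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
    "<System><EventID>4624</EventID><TimeCreated SystemTime='{0}'/></System><EventData>" +
    "<Data Name='TargetUserName'>{1}</Data><Data Name='TargetDomainName'>{2}</Data>" +
    "<Data Name='LogonType'>{3}</Data><Data Name='IpAddress'>{4}</Data></EventData></Event>"
$samples = @(
    ($template -f '2024-05-01T08:00:00Z', 'jsmith',        'CORP',    '2',  '127.0.0.1'),
    ($template -f '2024-05-01T08:05:00Z', 'Administrator', 'NY-FS01', '10', '192.0.2.15'),
    ($template -f '2024-05-01T08:07:00Z', 'svc_backup',    'NY-FS01', '3',  '192.0.2.20')
)
# Only the two NY-FS01\ logons are reported; the CORP domain logon is skipped.
Get-LocalAccountLogon -EventXml $samples -ComputerName 'NY-FS01' | Format-Table -AutoSize

# On a live host (elevated prompt), feed it the Security log instead:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 1000 |
#     ForEach-Object { $_.ToXml() }
# Get-LocalAccountLogon -EventXml $live -ComputerName $env:COMPUTERNAME
```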
In administering Windows environments, you will undoubtedly need to login with a local user account at some point to carry out local administrator tasks, such as rejoining a broken domain join. With the simple trick provided, you can easily login with a local account without knowing the local computer name, saving the frustration of finding the computer name.
OK but how do I know what password to use? Do I use the same password as the one I use IN the domain?
No, if the account has a password it will be the password of the local account, it’s not the same as the password of your domain account, unless this has been configured this way.
I’m having the same problem. I’ve used the.admin trick…and it worked. Now I need a trick to either figure out the password, or bypass it. My laptop screen is busted, so I have to use the HDMI port to a flatscreen TV. I can’t see the BIOS on bootup, because the port only activates at the GUI.
What can I do if I have forgotten my local account password? What I remember is only the username.
On my Mac, I have to connect to a PC using this format: password@ComputernamePC as the username. I tell it to remember this in my keychain but it does not remember the username. Is there a way to create a shortcut with the information embedded?
You should check out the tools of Comtarsia!!
You can log on via the Comtarsia proxy server to the AD domain by LDAP; the logon client makes a local logon with a local user (managed automatically), and you can synchronize a standalone server or another domain…
I managed to log into a local account with this guide on Windows 10.
Thank you very much!
I have a school account that says you can sign into a different domain, but I want to sign into my local account instead of logging in with the school account. When you type in the ./ do you press enter after that, or does it automatically change? Hope you can get back to me as soon as possible and I would appreciate your help!
Don’t. It gets you suspended. I speak from my own pain. Middle/high school suspension also stays on your record.
Trust me on this one.
Wait, what? How can we get suspended? I mean, what do they not like about us signing in to a different account? I’m pretty close to figuring out how to do it, but I don’t want to get in trouble.
Not being on their domain gives them little to no capability to track your activity, and to limit what you can and can’t do.
I also got an in-school suspension for doing so (But to be fair… It’s because my school didn’t like Halo being installed onto their PCs so we could run LAN parties at lunch.)
My question is as mentioned before. If I am able to use username information. What do I put for the password or bypass the password to log in?
In order to restore your password, you need to log in with another admin account. There, go to user management and select a new password.
S*** like this is why I hate MS so much. Let’s see how difficult we can make it for our users. Not everyone wants to hook up to them or a corp account. @@3;($$/$/:(
It’s not possible as far as I can tell to remotely connect to the LOCAL account of a Windows 10 machine using the Remote Desktop Client for Macintosh (at least not from Catalina). No matter how you specify the Windows10 machine name, it ALWAYS uses the domain account! Using the .\ shortcut does not work. Specifying the machine name first with a backslash like “MyMachineName\MyUserName” does not work either – it completely ignores “MyMachineName” and assumes you want to login to the domain account for that machine! The only fix is to unjoin the remote windows10 machine from the domain and set it back to a workgroup name (the same name as the domain). I’ve reported this bug to Microsoft (bug in Mac RDP Client). It worked just fine in Mavericks, but alas, MS, lately has been wreaking havoc with, formerly working, software (all their time is spent on their insanely expensive cloud services and not with their Operating Systems nor with local versions of Office!).
Thank you, well explained
The . trick was absolutely brilliant! Checked many forums and finally found it!