What are your reasons for attaching your MSA after OOBE?


So I know Paul recommends creating a local account when you set up a PC for the first time and then adding your Microsoft account later. For folks who do that, what are your reasons why?

Now, I don’t mean “because I don’t use a Microsoft account” or “because I plan to join it to my home domain”. I specifically mean, if you plan to skip the Microsoft account step in OOBE and then go and attach it later.

I personally agree, and I have my reasons, but what are yours?

Full disclosure: I work in Windows and my team is trying to streamline the setup experience for consumers.


21 responses to “What are your reasons for attaching your MSA after OOBE?”

  1. wunderbar

    I don't go through the hassle of not logging in with MSA, but the thing that bothers me the most about it is that the hostname you get when you set up a computer is a nonsense DESKTOP-RANDOMSTRING or LAPTOP-RANDOMSTRING and even if you change it after, it doesn't always update in OneDrive/online tools, so you're stuck figuring out which nonsense name is for which computer. If you use a local account, change the hostname, and then link a MSA it appears correctly 100% of the time.

    That's truly the biggest thing. Other than that I personally don't care. Heck, just give me the ability to set a custom hostname when setting the computer up. That'd fix that entirely.

  2. waethorn

    folder name in Users subfolder

    • SWCetacean

      In reply to Waethorn:

      Exactly this: I don't want my User folder to be named after the first 5 characters in my MSA email address. It would be easier if I could set my User folder name during setup, or even better, at any time. If I have to log out for the change to take effect, so be it.

    • waethorn

      In reply to Waethorn:

      Just to add: Why can't the folder name be synchronized to the actual user name, or at least something close to it?? This has been an issue since forever with Windows. Can't you just invisibly sign out of the Windows account while the folder is changed and sign back in automatically without needing to re-authenticate?

  3. AnOldAmigaUser

    The first account I create on a new computer is always a local account, and since it is the administrator by default, I never add an MSA to it. After that, I add my account, and any family member that might use the computer as local accounts to get the subfolders in Users consistent, and then attach MSAs if they use the computer. The other reason I use MSAs is that they can then use the home network to connect to shares on other computers that are used as file servers.

  4. justme

    Several reasons, most of them already covered. I'd rather make configuration changes before logging in with an MSA given Windows's propensity to reboot during an install. I prefer the directory structure too, as others have already mentioned. I uninstall almost every app except the store and calculator, and I very rarely sync anything (in general, I don't use the cloud). Once the OS is set up the way I want with the cruft gone that I want removed, I'll log in and get any updates to the few apps I can't uninstall. For me personally, there is very little reason to ever run with an MSA.

  5. curtisspendlove

    Paul (and others below) have covered my reasons, but the big one for me is initial device configuration.

    I have a very specific set of software I install on (most of) my machines. This is based largely on a batch file which utilizes some utilities (such as Chocolatey) to get my preferred dev setup. (It also goes through and tweaks a bunch of settings, including shutting off Dev services, database engines, and other daemons by default if it is also a gaming rig. I also have a couple other batch files that spin up / shut down applicable daemons for various types of development...e.g. my nodejs prep script starts MySQL, Docker, and a few other services.)

    I’m also a redneck, and therefore in a fairly low bandwidth situation. ;) It is irritating to have a crap ton of cloud services competing for the bandwidth during the rest of the setup and configuration (the .bat script specifically installs cloud services at the end so I can be up and running while everything else downloads—which generally takes several days to finish).

    I link my MSA to my local account after the initial process with the batch file is complete. At that point I’m fine with OneDrive, et al. kicking in and working its magic.

    P.S. I think it is awesome that you are doing this research and disclosing it is for fine-tuning the process. This helps us give some proper feedback. :D

  6. robincapper

    I do it so I have a local admin account (for installs etc.) and run my Microsoft account as standard user

  7. Patrick3D

    #1 Reason: at work we create a local admin account during setup to avoid needing to have the machine online. We don't want updates to automatically install during the OOBE phase, we just want to get the OS and apps installed so we can get the machine in the customer's hands as fast as possible. Once a machine is ready we then run through updates if there is time.

    #2 Reason: it is bad security practice to log in to a customer machine with an IT administrator account due to the increased risk of the machine having viruses (customers are typically computer illiterate, do ignorant things.) Better to use a local account that if compromised can't immediately affect other machines on the network, than a network account that has privileges, even if limited.

    #3 Reason: this ensures there is a local admin account we can log in to if the machine is failing to connect to the network after having been deployed.

    At home I just use my MSA account to see if Microsoft made any improvements to the OOBE, the answer is always NO, of course.

  8. Bill Strong

    I use unRaid. When logging into shares, I could never get the right magic combination for MSAs to work. Local accounts just work. I haven't tried adding a MSA afterward, I still need to do so, but if they don't, I simply won't use them. I will only use them per app.

    • nerdile

      In reply to Bill_Strong:

      Hmm. If unRaid depends on integrated Windows authentication, then you'd need to use an AD domain or have local accounts that have locally stored passwords. If you set up your account to sign in with the MSA password instead of a local password, then it wouldn't work. But you can associate the MSA without replacing the local password, and that should work.

      • Bill Strong

        In reply to nerdile:

        unRaid is a Linux distro for NAS, docker and VM purposes. It shares files over SMB by default, with support for AFS, NFS and FTP.

        unRaid just uses SMB 3 protocol with samba. No AD or anything else. unRaid's UI doesn't support the @ character in the user name, so there is an error-prone command line and config file setup detailed in unRaid's forums to make them work that I never managed to make work.

        Conversely, local accounts just work, so the first time I ran into the problem, I simply downgraded my account to a local account. No more problem.

  9. andrewtechhelp

    The biggest reason for me: If I sign in with an MSA out of the box, my user folder gets named 'andre' (the first 5 letters of my MSA email address). My name is Andrew, not Andre and therefore I create a local account with the name 'Andrew' and then link it to my MSA later so that my user folder is correctly named 'Andrew'.
