An employee from one of the customers in Oxford contacted us with an IT issue on their personal Windows 11 laptop. They had the laptop set up with a local administrator account (not linked to Microsoft). At some point, a guest was using the laptop and somehow linked the local user account to their Microsoft account. It also appeared that the Microsoft account in question was a child’s account.
The main issue was that the laptop was now constantly popping up various login prompts asking to enter a Microsoft account password to verify the identity, sync data, send screen time requests, etc. Windows 11 Settings > Accounts page was also now displaying the guest’s full name. Obviously, the guest had long left Oxford and the user didn’t know (and didn’t want to know) their password.
Normally, when a local user account gets converted to a Microsoft account, you can un-do this by going to Settings > Accounts > Your Info and clicking “Sign in with a local account instead“. Unfortunately, in this case, there was no such option as the account was still a local admin account, just linked to a child’s Microsoft account.
There was no way to unlink the accounts in Windows Settings that I could see, so I had to resort to modifying the Windows Registry. Usual Windows Registry warnings apply – perform this at your own risk and make sure you have an up-to-date backup in case something goes wrong. Anyway, below are the changes I had to make to resolve the issue:
- Open Registry Editor (regedit.exe)
- Delete the following two registry keys:
- HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL
- HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL
After rebooting the computer, all the annoying login prompts were gone and Settings > Accounts page was now displaying the correct user’s name. There was still the child’s account listed in Settings > Accounts > Email & Accounts, but I had no issues deleting it from there.
April 2024
Note:
I found some tutorials online saying that it’s sufficient to delete HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\StoredIdentities\<microsoft_account_name>, but in this case, it didn’t work, I had to delete the whole IdentityCRL.