In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows.
-
I might be OOTL but wasn't there some concerns with the developer or something? I thought I heard something but I forgot what
https://www.reddit.com/r/linux/comments/1buhnrs/is_ventoy_safe_in_light_of_xzliblzma_scare/
It's basically a security nightmare.
-
Which suggests to me that MS stores plaintext passwords. Because a hash function doesn't care about the length of what it's hashing, the output will always be the same length, so they could verify a 300 character password with the same storage space as a 3 character password.
Not how it works. You don't attempt to guess the hashed password, you guess a password which then is hashed
-
This post did not contain any content.
My 1st desktop had Windows 95 on it. It worked OK. A few years later, I bought a laptop pc with WindowsME (Millennium Edition), and it became the last Windows product I've owned. A work colleague installed Windows 2000 on that laptop, and it worked for a couple months, until I got my "blue screen of death."
At that time, they started selling the ePC notebooks, available with WindowsXP or Linux (the XanderOS) I stepped out of my comfort zone, and got the XanderOS variant, and have had Linux computers since. I'm currently using Mint on an old Panasonic CF-30, and Ubuntu on 2 laptops built by System 76.
My wife likes Mac, but I'm not a fan. My kids get a pretty rounded experience, between using their moms Mac, their dads 2 variants of Linux, and their Chromebooks at school.
-
A few weeks ago I helped one of my client's employees set up their brand new laptop, which came with Win11 installed, of course. They just need it for basic work stuff and there's no chance in hell anything other than Windows is a viable option here.
We work remotely so I would help them get set up to a point where they could at least share their screen to me, or I could take over via remote access myself. I just needed to guide them through the steps "blind" for a short while.
So we go through the Windows 11 first time setup together. All seems to go ok until Windows asks them to log into their MS account or create one. No problem, we should be able to do that, right? Only that we can't. We're connected to the WiFi, etc., yet they get some generic ass error message like "Sorry, something went wrong" and that's that.
Ok, so we can't log in with an online account. Let's try offline as a fallback! We set the username, password... "Sorry, something went wrong" again. I don't use Windows myself, I've been a Linux user for years now, I don't have any freaking clue how to remotely diagnose an vague issue that literally prevents them from getting the laptop to a functional state. So I Google the problem and the recommended answer is to run this magic "bypassnro" command. It will cut all the mandatory online account bullshit, move straight to a reliable offline account setup screen, and allow us to, you know, actually do work? And it worked!
If I hadn't had that command at my disposal, that I had to use to work around Microsoft's broken ass setup UX, I would've probably spent twice or three times longer coaching my non-tech-savvy client through booting into fail safe mode and doing all kinds of arcane sysadmin shit that I don't even have to ever think about in Linux. All this just to get them into the desktop.
And Microsoft have decided to take it away. Nice one.
I was trying to set up win 11 laptop for my mom and ran into S mode, that took like an hour to walk my elderly mom through the steps to disable it so I could remote in. Finally gave up and grab a MS approved remote desktop app to remote in a disable the S mode, its s for Shit. Of course the other remote desktop app crashed.
Sorry family, no more windows PCs for you -
This post did not contain any content.
This with Windows 11 LTSC IoT edition?
-
This post did not contain any content.
Apple does this.
Microsoft is now doing this.
I wonder how long until Google start doing it with Android
This future is so fucking dystopian
-
https://www.reddit.com/r/linux/comments/1buhnrs/is_ventoy_safe_in_light_of_xzliblzma_scare/
It's basically a security nightmare.
Oh geez..
-
This post did not contain any content.
I put this in another thread:
It's not a big deal. They're removing the bypassnro.cmd script, which is just this:
@echo off
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
You can still use shift-F10 at the same point, type those two lines (not the @ECHO OFF), and it will achieve the same result.
-
I discovered recently that they make the regular ISOs hard to access too. It didn't want to let me download it from a linux machine.
But there's always a way to access this stuff.
What are the legal issues?
licensing. both if you don't plan to buy it, and if you do, because as I understand it's hard to obtain, and maybe hard to keep too
-
Apple does this.
Microsoft is now doing this.
I wonder how long until Google start doing it with Android
This future is so fucking dystopian
Arent they already for official OEM ROMs?
-
Arent they already for official OEM ROMs?
Really?
I've used Samsung and Motorola Android phones, I can set them up offline.
I assume every other OEM is the same.
-
How the hell are we supposed to install it without a Internet connection? I worked in a company that was so hard on security that only certified machines were allowed access to the net, so virtual machines were not allowed to access the LAN and therefore the Internet. Generally not a problem as we just used them to test software on different OS versions, so no Internet required.
This change disallows all offline installs. What is their gain? Are they that keen on our data or are they planning to use the connection to a Microsoft account for something even worse than just selling personal information?
I could think of a few reasons and none are nice...I used the iso modification tool from the GitHub for ChrisTitus before installing with good results
-
I put this in another thread:
It's not a big deal. They're removing the bypassnro.cmd script, which is just this:
@echo off
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
You can still use shift-F10 at the same point, type those two lines (not the @ECHO OFF), and it will achieve the same result.
So you're telling me 2% of new Window's users won't be forced to make an account? Neat!
This is not about the technically savvy. The populace is being conditioned into not owning what they purchase. This will in turn make everyone's life worse.
-
It's like when they say "We value your privacy" it really means "Selling your data is worth a lot of money/value to me".
"User Security" means "We want to secure customers/users for our cloud services by forcing a login to a microsoft account"
My favorite iteration of the first point is "we take your privacy seriously" to "we take your privacy. seriously."
-
We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11. This change ensures that all users exit setup with internet connectivity and a Microsoft Account.
Any windows fanboy cares to explain how this supposedly enhances a user's security?
The spin on requiring an internet connection being phrased as 'ensures all users exit setup with internet connectivity' is amazing too.
It increases security ^of the Microsoft share price^
-
Apple does this.
Microsoft is now doing this.
I wonder how long until Google start doing it with Android
This future is so fucking dystopian
You can still very easily use macOS without an Apple ID or iCloud account, actually. You lose out on iMessage, FaceTime and the App Store, basically. But that’s about it. And they don’t nag you about it ever again unless you try to send an iMessage or what have you.
On iOS and Android it’s effectively a requirement though, because App Store / Google Play. Phone is not too useful if you can’t install any apps.
-
I put this in another thread:
It's not a big deal. They're removing the bypassnro.cmd script, which is just this:
@echo off
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
You can still use shift-F10 at the same point, type those two lines (not the @ECHO OFF), and it will achieve the same result.
I will copypaste your comment next time people complain linux is hard to learn.
-
Not how it works. You don't attempt to guess the hashed password, you guess a password which then is hashed
What's stored is hash(password). Then the password check is stored == hash(entered).
Hash(x) will be the same length, regardless of what x is. What that length is depends on which hash function it is. So the database can set the length of its storage for each user's password to the length of the hash and the hash function will take any size password.
-
licensing. both if you don't plan to buy it, and if you do, because as I understand it's hard to obtain, and maybe hard to keep too
That site's ai protection won't let me through. But if the issue is needing a legitimate license them I'm sure that can be overcome in other ways.
-
I mean, yes, but...what the fuck
same i had no idea
