Accessing a Windows 11 Computer with a Microsoft Account Linked Windows Account After the Owner's Death

[britechguy]

This is kinda, sorta a spin on another topic from October:

Family friends son died unexpectedly and is out of options right?​

One of the gentlemen I know on one of the blind-centric technology groups has recently lost his (adult) daughter and is the person who has her computer in hand. I do not know if he or his wife are the executor, or even if a will exists. What I do know is that they do not have the password.

Based on, Accessing Outlook.com, OneDrive and other Microsoft services when someone has died, it appears that if you want to go "the official route" you must engage a lawyer and, even then, there is no guarantee that you will be granted access.

PCUnlocker was also suggested for converting the Microsoft Account linked Windows User Account to a local account, but I don't see this specifically listed as one of its capabilities.

It's sad to me that in Germany and China, Microsoft has an official set of steps to gain access to a deceased user's Microsoft Account. Elsewhere in the world, it appears that unless you get an attorney involved you're out of luck:
-----
Microsoft must first be formally served with a valid subpoena or court order to consider whether it is able to lawfully release a deceased or incapacitated user’s information regarding a personal email account (this includes email accounts with addresses that end in Outlook.com, Live.com, Hotmail.com, and MSN.com), OneDrive storage, or any other aspect of their Microsoft account. Microsoft will only respond to non-criminal subpoenas and court orders served on Microsoft’s registered agent in the requesting party’s state or region and is unable to respond to faxed or emailed requests for such matters.
-----

They don't even give information on where such a subpoena or court order should be directed for any locale except the EU. If anyone has successfully submitted a subpoena or court order to the appropriate Microsoft location in various parts of the USA, please share, as well as if you know of the list of those locations based upon where the request originates.

But if PCUnlocker can be used successfully (and on a cloned copy of the drive, and presuming it's not encrypted) I'd present that as an option. I'd want to know whether the drive was encrypted before even starting down the PCUnlocker route.

 

[Markverhyden]

I completely agree about the whole survivors access to stuff belonging to the deceased. But you also need to look at it from MS's perspective. Since the Fed's won't do anything they'd need to put together 50+ programs and run them at no charge. Of course the nickel solution to the dime problem would be to have nagging popups all the time until an admin user is added to each MS account. I'm sure both Germany and China dictated that at a national level and probably administers it at a national level.

On the local rep. Have them look at the Secretary of State's website where the daughter lived and look up MS. Companies that size will almost surely have registered local reps. I've found them for NC. Of course it's no bet they will respond.

If she has a will then that's one direction. If there is no will and there is no significant other(s) maybe the parents can petition probate to assign them as executors.

Assuming she had a smart device do they have access to that?

 

[britechguy]

I'm sure both Germany and China dictated that at a national level and probably administers it at a national level.

What that Microsoft page notes suggests otherwise. In Germany, it seems like "boilerplate" presentation of credentials as an estate's executor, which I went through twice in 2021.

I don't see any logical reason why online accounts should be treated any differently than any other accounts (e.g., bank, credit card, mortgages, etc.) as far as an estate's executor having unquestioned access. Don't get me wrong, though, it is a grand PITA to jump through all the hoops that these various entities put up in order to get that access. I never realized how difficult "outside forces" make administering an estate even when one is clearly the person designated to do so.

I don't know any more than I've said. Those who want to read the ongoing discussion can do so: breaking into a deceased loved one's laptop

 

[seashore]

PCUnlocker was also suggested for converting the Microsoft Account linked Windows User Account to a local account, but I don't see this specifically listed as one of its capabilities.

Yes, it converts an MS account to a local account without a problem. I've used it many times on unencrypted devices for that.

As you're aware, it can't be used If the device is encrypted

 

[sapphirescales]

Yes, it converts an MS account to a local account without a problem. I've used it many times on unencrypted devices for that.

This is true however you'll need to resign in to OneDrive if you clear the password like this. If OneDrive is set up have a bunch of files in OneDrive only instead of stored on the computer then there's no way to get the data without signing back into OneDrive with the Microsoft account.

 

[britechguy]

If OneDrive is set up have a bunch of files in OneDrive only instead of stored on the computer then there's no way to get the data without signing back into OneDrive with the Microsoft account.

Which is precisely why, if someone is using M365 or OneDrive, I'd far prefer that they be using a Microsoft Account Linked Windows User Account to begin with. Everything is tied up in a tidy bow this way.

But that still wouldn't fix the issue at hand one way or another.

Is there a way to tell at the lock/login screen whether an account is local versus MS and whether a device is encrypted versus not? If there is for either of these things, I don't know it.

It just points out again how important it has become to have a password manager (or even paper log) and something in place to make sure that the individual(s) who would be settling your estate have access to same when that time comes. It is a grand PITA to gain access, even when you should have it, without userids and passwords. If you're using 2FA and have recovery codes, those must be a part of that material as well, because the probability of also having access to the 2FA device, which might also be locked by biometrics, is not necessarily high.

 

[Larry Sabo]

Boot a Win PE and see if you can access the contents of the drive, and the user profile. If it's Bitlockered, you will know pretty quickly. And if it's not, you will be abe to see whether the files are on OneDrive only or also in the user's profile.

 

[britechguy]

@Larry Sabo

While I appreciate your reply, and will file it for my own future reference, this is not a machine I have in hand.

I'd love to have some *simple* way for those who find themselves in this unfortunate situation to do preliminary data gathering to know what the situation on the machine is that can guide what they need to do next.

We're going to see more and more and more of this in the coming years. And with Microsoft making device encryption the default, aiyeeeeeee!

 

[seashore]

If OneDrive is set up have a bunch of files in OneDrive only instead of stored on the computer then there's no way to get the data without signing back into OneDrive with the Microsoft account.

Agreed, in which case it would be worth checking browser password managers for an MS login. Might be lucky.

 

[britechguy]

Agreed, in which case it would be worth checking browser password managers for an MS login. Might be lucky.

But to check browser password managers you must log in first. If you don't have a local account on a non-encrypted device, it's still a no-go.

The problem arises these days from the default Windows configuration where no login credentials are known. And that's even for individuals like executors who have always had carte Blanche historically when any paper records were involved.

 

[Metanis]

Add in the current rush to a paperless society and those left behind may never know a true accounting of the deceased.

The only winners will be the government when they get possession of "abandoned" accounts after some period of inactivity.

 

[sapphirescales]

Is there a way to tell at the lock/login screen whether an account is local versus MS and whether a device is encrypted versus not? If there is for either of these things, I don't know it.

There's no way to really tell if it's encrypted or if it is an actual Microsoft account or not unless you boot the computer using a portable version of windows or if you pull the drive out and connect it to another computer via USB. Of course you could just start with using PC Unlocker and see if it recognizes the drive. If it doesn't then there's a really good chance that the drive is encrypted, however it's also possible that it just doesn't have the right drivers to detect the NVMe drive. You can sometimes get around this by going into the bios and changing the NVMe to compatibility or AHCI mode, just make sure it doesn't try to boot from the drive because it could corrupt Windows if it does. Your best bet is to start by pulling the drive and connecting it via USB to your main shop computer to see if it's encrypted. Then you decide where to go from there.

Agreed, in which case it would be worth checking browser password managers for an MS login. Might be lucky.

Yeah the problem is 2FA. I guess if you have access to their phone and you either know the passcode to the phone or the phone will show a preview of any text messages on the lock screen without having to unlock it then that would work.

 

[fincoder]

PCUnlocker was also suggested for converting the Microsoft Account linked Windows User Account to a local account, but I don't see this specifically listed as one of its capabilities.

In PCUnlocker, the list of user accounts will show an email address for Microsoft Account logins (in Description column I believe). You just choose the Reset Password option regardless, and the software converts to local account if necessary.

For encrypted drives, PCUnlocker can't find the registry so it prompts for you to navigate to the registry file. That's how you know it's likely an encrypted drive.

 

[Rosco]

Yes, it converts an MS account to a local account without a problem. I've used it many times on unencrypted devices for that.

As you're aware, it can't be used If the device is encrypted

The new version has a BitLocker option, but I haven't tried it out yet.

 

[carmen617]

From memory here, so I might be mistaken, but you should be able to walk the client through booting to the recovery options on the computer - simply boot to the lock screen, then have them restart holding the shift key. Once in the recovery options, if they try to access the drive (for example, choosing CMD prompt) the system should ask for a Bitlocker key if it's encrypted.

 

[britechguy]

The new version has a BitLocker option, but I haven't tried it out yet.

Well, even if it does, I would have to believe that it requires the BitLocker key in order to function. If it didn't then BitLocker encryption is pretty much useless as a security measure, and all indications (here and elsewhere) are that this is not the case.

 

[fincoder]

Well, even if it does, I would have to believe that it requires the BitLocker key in order to function.

That's what I was thinking too. And if using PCUnlocker then it's very likely the Bitlocker key is also not known (considering the unknown Microsoft password is usually for both PC and retrieving the key).

Besides, the PCUnlocker website doesn't mention Bitlocker or encryption at all, that I can find.