PIN sign-on not available

Haole Boy

Aloha everyone. Have a strange one. Customer brought me a Surface Book to work on, and gave me the PIN to log on. So, I logged on, installed Macrium, and created a backup image. It was end of the day, so I shut down. Next time I rebooted, I was asked for a password (which the client does not know). And there is no option to select a different logon method (PIN, fingerprint, etc.).

Any ideas on how to get the machine to ask for the PIN? I'm able to boot a Windows-to-go disk, so I can make changes to the disk (I think).

P.S. Yes, I know I can reset the PC and use Fabs to get his data back, but I'm curious about this problem. Googling has not shown me any way to turn Windows Hello back on (other than how to set it up on a machine you can log on to).

Mahalo,

Harry Z
 
The question is whether the account in question is a Microsoft Account linked Win10 User Account or not.

It's a simple matter to go through the password recovery process (probably with the client, or have them do it and call you back) on Microsoft.com for their Microsoft Account. That change will be accepted by Windows 10, provided there is internet connectivity, when you next try to log on using a password.
 
If I remember correctly if they are using a PIN it's tied to an online M$ account. Which, in turn, means the drive has been FDE'd.
 
If I remember correctly if they are using a PIN it's tied to an online M$ account. Which, in turn, means the drive has been FDE'd.

I haven't used PCUnlocker on a machine with a Microsoft account. How does that work? (...or is the question - Does that work?) Can the machine be reset and up and running and then work on the password reset with Microsoft?
 
I haven't used PCUnlocker on a machine with a Microsoft account. How does that work? (...or is the question - Does that work?) Can the machine be reset and up and running and then work on the password reset with Microsoft?
To date I've been able to avoid that dilemma. But I seem to remember another member or two commenting about using PCUnlocker to gain access to a PC that had a M$ account. Just don't remember the details. But one thing is for sure. If it's FDE'd then they're SOL without the credentials if they want the data or access to the OneDrive cloud store.
 
I haven't used PCUnlocker on a machine with a Microsoft account. How does that work? (...or is the question - Does that work?) Can the machine be reset and up and running and then work on the password reset with Microsoft?
You get two options. One is to bypass the login once. Two is to change the account to a local account. Either way you boot off the USB and select the account you want to change. Never had it not work.

BUT as @Markverhyden pointed out it is highly likely that drive encryption is engaged. If so you will need the BitLocker decryption key, which is going to be in the EU's Microsoft Account, before you can unlock.
 
If so you will need the BitLocker decryption key, which is going to be in the EU's Microsoft Account, before you can unlock.
Not necessarily. I've had PCs with Bitlocker enabled where there was no BL key in the user's MS account, they were the original owner, and they said they were never asked to set up Bitlocker. I came to the conclusion that the Bitlocker key was in the TPM chip and set at time of manufacture.
 
Not necessarily. I've had PCs with Bitlocker enabled where there was no BL key in the user's MS account, they were the original owner, and they said they were never asked to set up Bitlocker. I came to the conclusion that the Bitlocker key was in the TPM chip and set at time of manufacture.
Except it doesn't use the TPM chip. Microsoft has documentation that explains all of this. Google it. Device Encryption doesn't ask the user. It just does it on the fly if the proper conditions are met. Your client had a Microsoft Account. They simply forgot about it like most people do. Just like people have Gmail accounts for their cell phones or iCloud if you're an iPhone guy. People all the time break their phones and lose all their photos and contacts, insisting that they didn't have such accounts when it is practically impossible to set up the phones without one. People are stupid.
 
It's getting almost impossible for the average user to avoid a MS account. Microsoft pushes and prods in so many ways it's almost inevitable. People just don't understand it is optional.
 
Also note that device encryption is a subset of BitLocker. It uses BitLocker technology and format but doesn't have all the features. One of the limitations of DE is that you MUST have a Microsoft Account. The full version of BitLocker, available on Windows 10 Pro, can be set up without a Microsoft Account, but it will force some backup method: Microsoft Account, Azure Active Directory, on-premises AD, saving to a USB, or a printout of the key.

Once DE is setup you can ditch the Microsoft Account but the system remains encrypted.
 
It's flat required for Windows 11. So these conditions will amplify. Users must have backups in place in advance, or suffer loss.

If an encrypted device lands in your lap, the only solution is a N&P to get it operational again, and that costs the data on the device.
 
Your client had a Microsoft Account. They simply forgot about it like most people do.
From my notes:
- ASUS ZenBook UX370U [wouldn't boot, removed SSD for data recovery, which asked for BL key]
- <user> doesn't have the key and was never asked to save it
- check her Microsoft account: no BL key found

I ended up installing a new SSD and Win10 but was unable to recover her data from the original SSD because I couldn't find her BL key. This laptop has a TPM chip.
 
Not that I know it doesn't happen, because it does, but it still floors me that people "just forget about" accounts pivotal to devices they actually use constantly.

The idea of forgetting you have a Microsoft Account if you have been using an MS-Account linked Win10 user account or a Google Account if you're using an Android device or an iCloud (or whatever the primary Apple account is called these days) account if using an iPhone never ceases to astound me. It's the equivalent of forgetting you need your keys (or, if you've got a modern car, your fob) to get into your car and start it.

But I will grant that a lot of that comes from the fact that once set up, everything happens "automagically" for the most part. But, still, there is no way I (or most of my clients, if I ever need to lecture them) could ever forget "the key to the kingdom" that I'm wandering through on a daily basis.
 
The TPM chip is irrelevant. It's required for the encryption to work, but so is the Microsoft Account. Your client likely changed accounts. It's even possible, though improbable, that some error occurred and Microsoft failed to record the password. Either way the end user is never prompted for any of that. This is by design. You can even set up a PC to do this yourself if you preinstall Windows on a white box clone and sysprep with the proper answer file.
 
The TPM chip is a storage medium for encryption keys, there are cases where the key is stored in the TPM and in these cases only the device that has the chip installed in it can decrypt the data. So in theory, a new windows install on a new drive on the same TPM MIGHT be able to decrypt the data if it's attached to the machine somehow.

The problem is these processes aren't totally standardized yet, they will be with Win11 though.

However, I will reiterate that this encryption doesn't happen on Windows without a Microsoft Account. Your user simply lost theirs, swapped to another one, and forgot about it. Or they got a floor model that was encrypted by someone else and picked up by them on clearance or something.

Onedrive all the things...
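The two posts above (the Device Encryption vs. BitLocker explanation, and the one on keys held by the TPM) both come down to the same practical question: which key protectors does this volume actually have, and has the recovery password been escrowed anywhere you can reach? The script below is an added example, not code from the thread or from Microsoft; it inventories every BitLocker-managed volume (Device Encryption shows up the same way, since it is BitLocker underneath), reports TPM state, and writes any RecoveryPassword protectors to a file of your choosing. The output path is an assumption; the cmdlets (`Get-BitLockerVolume`, `Get-Tpm`) ship with Windows 10/11 and need an elevated prompt on an already unlocked system, which is exactly the window the original poster had before the shutdown.

```powershell
# Added example (not from the thread): inventory BitLocker / Device Encryption state on a
# client machine while you still have an unlocked, elevated session, and escrow the recovery
# password before doing anything else to the box. Windows 10/11 built-in cmdlets only.
#Requires -RunAsAdministrator

function Get-EncryptionInventory {
    # One object per volume: protection state, cipher, and which protector types are present.
    foreach ($vol in Get-BitLockerVolume) {
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus   # On / Off
            VolumeStatus     = $vol.VolumeStatus       # FullyEncrypted, FullyDecrypted, EncryptionInProgress ...
            EncryptionMethod = $vol.EncryptionMethod   # e.g. XtsAes128, the Device Encryption default
            Protectors       = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
            RecoveryPwdCount = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').Count
        }
    }
}

function Export-RecoveryPasswords {
    param([Parameter(Mandatory)][string]$Path)
    # Write every 48-digit recovery password, tagged with volume and protector ID, to a file you control.
    $lines = foreach ($vol in Get-BitLockerVolume) {
        foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
            '{0} {1} {2}' -f $vol.MountPoint, $kp.KeyProtectorId, $kp.RecoveryPassword
        }
    }
    if (-not $lines) {
        Write-Warning 'No RecoveryPassword protector found on any volume; nothing to escrow.'
        return
    }
    $lines | Set-Content -Path $Path -Encoding ASCII
    Write-Host "Wrote $(@($lines).Count) recovery password(s) to $Path"
}

# --- run ---
Get-EncryptionInventory | Format-Table -AutoSize

# A 'Tpm' protector seals the volume master key to this board's measured boot state, so the
# drive unlocks silently on its own hardware but not after a reinstall or when the SSD is moved
# to another machine. That is why the RecoveryPassword protector is the one worth escrowing.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled | Format-List

# Destination path is an assumption; point it at your USB stick or tech share.
Export-RecoveryPasswords -Path 'E:\bitlocker-recovery.txt'
```

If the inventory shows `ProtectionStatus On` with only a `Tpm` protector and `RecoveryPwdCount 0`, treat the data as unrecoverable off that machine and add a recovery password (`Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector`) before you shut down. On an Entra ID (Azure AD) joined device the password can also be pushed up with `BackupToAAD-BitLockerKeyProtector`; for a consumer Microsoft account the upload happens through the Settings app when Device Encryption is turned on, and I am not aware of a cmdlet that does that escrow for you.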
 