Windows 11 Home restrictions and possible workarounds

SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Windows 11 Home restrictions and possible workarounds

Post by SteveF »

A family member is getting a new laptop which comes with Windows 11 Home S. As the family geek, I get to deal with it and I'm trying to find information on the web and it's getting confusing. So I thought I'd ask here - because this feels like asking my mates at the pub, rather than asking on some "appropriate" forum and being given conflicting advice by condescending strangers who tell me I'm an idiot. :-)

I've used Windows a fair bit over the years, but I've never used anything more modern than Windows 10 until now and am most familiar with Windows 7.

I am pretty sure the laptop will have the Windows 11 Home S installation already on the SSD from the factory but it will ask us to go through a setup process (mainly creating a Microsoft account) when we first turn it on.

I have a few probably-conflicting goals (most important first, more-or-less):
  • Disabling S mode is essential - there are a couple of legacy apps I need to install which are absolutely essential for the user.
  • As it's for use by a non-techie who I don't live with, I'd like the machine to be as "standard" as possible to reduce the chances of random things breaking when I'm not there to fix them. So I need to be cautious about applying random hacks to accomplish the other goals.
  • I don't like the idea of being forced to sign in with a Microsoft account.
  • I'd like full disk encryption if possible. Not that the laptop is going to have anything tremendously sensitive on it, and there are other machines in the house without FDE, but this feels like a step in the right direction.
  • I'd rather avoid paying for a key to use Windows 10 or 11 Pro, i.e. I'm probably stuck with Windows 11 Home.
How many of these goals can I satisfy at once?

Here's what I've gathered from my random web searches so far. Some or all of this may be outdated, incomplete or just plain wrong.
  • You can disable S mode, but you need a Microsoft account to do it, or you need to disable secure boot in the BIOS.
  • You can maybe play tricks - depending on what's been patched and what hasn't - during the setup process to persuade Windows 11 Home to finish installation without creating a Microsoft account.
  • If you don't have a Microsoft account, you can't enable the "device encryption" FDE on Windows 11 Home.
  • It may be possible to remove the Microsoft account and add a local account after the initial setup.
  • If you have a Microsoft account, you can't log on to the machine without a password.
Even if they work, a lot of these options feel like they might make the machine "non-standard" in ways that risk things suddenly breaking in six months' time when Windows updates itself.

So, does anyone have any recommendations, thoughts, advice, whatever? (Sadly, given those legacy apps, "don't use Windows" is not really an option.)

My gut feeling is that I'm going to have to swallow using a Microsoft account, because I've got to turn S mode off and disabling secure boot feels riskily non-standard. I'd probably give a simplelogin alias e-mail address when setting up the Microsoft account to be pseudonymous. If this alias address stopped working (e.g. simplelogin goes away), would that matter? Does the e-mail address for a Microsoft account actually need to work in the long term?

The user is almost certainly going to want to use a simple, weak password for logging in, and that makes me uneasy when this is the password to the online Microsoft account. Short of making myself unpopular by insisting on a better password, is there any way round this?

Are there any other nasty shocks I should expect? Like the installer demanding a valid phone number, for example?

I hate the fact that all this crap is being forced on us by Microsoft, but it is what it is, I guess.
Boydie
Posts: 767
Joined: Sat Oct 24, 2015 9:25 am
Location: Sunny Wigan

Re: Windows 11 Home restrictions and possible workarounds

Post by Boydie »

The whole Microsoft account thing can be bypassed when first installing Windows.

At the screen where it asks for network details, hit Shift-F10 to bring up a CMD window. Then type

OOBE\BYPASSNRO

It’ll reboot with the option not to set up networking, and subsequently to set up a local user account.

I’ve set up several machines this way, without any issues, at least in the medium-term…

That said, it may be as well to set up an account and initially pair the machine with it, purely so the license information is stored in a second place. Then reinstall Windows using a purely local account if you want to.
Although the motherboard should get registered with Microsoft’s activation services, I’ve had one board which didn’t for some reason and this played merry hell when reinstalling to a new drive. Thankfully I still had the original drive and was able to pair with my Microsoft account and activate the new installation that way.
sweh
Posts: 3315
Joined: Sat Mar 10, 2012 12:05 pm
Location: 07410 New Jersey

Re: Windows 11 Home restrictions and possible workarounds

Post by sweh »

I'm confused; you want full disk encryption (FDE) but no login password? If you don't have a password then FDE is close to pointless.
Rgds
Stephen
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

Boydie wrote: Tue Oct 10, 2023 10:21 pm The whole Microsoft account thing can be bypassed when first installing Windows.
Thanks Boydie, it's good to hear personal experience that this doesn't cause issues. I had some idea I'd read it didn't work now, but having searched again after reading your post, the only such mention I can find is someone on reddit saying it doesn't work, then realising they mistyped the command.
Boydie wrote: Tue Oct 10, 2023 10:21 pm That said, it may be as well to set up an account and initially pair the machine with it, purely so the license information is stored in a second place. Then reinstall Windows using a purely local account if you want to.
This feels like good advice that I might not take. What concerns me here is (I guess) that I won't have any way to reinstall the "original" version of Windows 11 supplied on the SSD. I know I could download a copy of Windows 11 from the Microsoft website, put it on a USB stick and reinstall that and as long as I have the licence key it should be fine, but I'd be worried I'd lose some critical driver, or that I thought I had the licence key but it's not activating anyway, or that it just wouldn't work and I'd be stuck without a working OS. Is the key for this machine likely to be built into the BIOS by the manufacturer anyway? Would that help or would it be irrelevant?
sweh wrote: Tue Oct 10, 2023 11:45 pm I'm confused; you want full disk encryption (FDE) but no login password? If you don't have a password then FDE is close to pointless.
I agree, and I can see what I wrote isn't super clear. I think:
  • I do not like the idea of having to log into a Microsoft account to access the machine, with or without FDE.
  • I am open to the idea of having to log into a local account with a password to access the machine, in order to have non-pointless FDE. (I'd have to discuss the usability/security trade-off with the user, probably.)
  • It wouldn't be such a big deal if the local account had a weak password on, because you need physical access before you can even use the password and even a weak password offers some protection against a casual laptop thief. (Of course I would try to encourage the user to use a secure password on general good practice grounds, but I can't really insist.)
  • If the Microsoft account which is accessible online has a weak password, that's really not good as it's exposed to online hacks/data leaks/whatever.
Based on Boydie's advice, it looks like I get to choose between having a Microsoft account with FDE, or not having a Microsoft account (using the OOBE\BYPASSNRO trick) and not having FDE (because I can't enable it on Windows 11 Home without a Microsoft account). I find myself flip-flopping a bit on which of these is preferable...

Edit: Gah, I just remembered. The stuff I read implies that disabling S mode requires a Microsoft account, in which case OOBE\BYPASSNRO isn't going to be viable. Maybe I *can* disable S mode with a local account on Windows 11 Home, it's just that since you're not "supposed" to be able to run without a Microsoft account, it's not generally mentioned. I don't know if I'm just making this more complex than it needs to be, but it is starting to wind me up just how tangled and confused everything is unless you meekly agree to sign up for the Microsoft account. (This, of course, makes me increasingly determined not to comply... If it felt like a choice, I might even decide it's the best option. But it feels like they're forcing it down my throat.) Maybe I can reinstall Windows 11 Home using the key that comes with the machine and simply never have S mode enabled in the first place, allowing me to use OOBE\BYPASSNRO to install without a Microsoft account without getting stuck permanently in S mode.
Rich Talbot-Watkins
Posts: 2054
Joined: Thu Jan 13, 2005 5:20 pm
Location: Palma, Mallorca

Re: Windows 11 Home restrictions and possible workarounds

Post by Rich Talbot-Watkins »

What's the problem with creating a burner MS account for Windows which you don't use for anything else? That's what I do. I wouldn't be so confident of Windows working entirely correctly without one these days.
lovebug
Posts: 1741
Joined: Sun Jan 31, 2021 5:07 pm
Location: Magrathea

Re: Windows 11 Home restrictions and possible workarounds

Post by lovebug »

this is why I switched to linux mint after windows 7 :lol:
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

Rich Talbot-Watkins wrote: Wed Oct 11, 2023 8:58 am What's the problem with creating a burner MS account for Windows which you don't use for anything else? That's what I do. I wouldn't be so confident of Windows working entirely correctly without one these days.
This was kind of my original plan and it's clearly an option. My initial objections to doing this were privacy related - even if I use a burner address on the account, having it there is going to enable all sorts of data collection which will populate the account with information, some of which is probably tied to the user's real identity, and which sooner or later is going to get exposed in some sort of data breach or hack. By not having the Microsoft account, at least this particular source of data collection will be avoided - every little helps.

However, as I've been reading stuff on the web and trying to get my head round the technicalities, I'm finding more practical stuff not to like about logging in with a Microsoft account. Obviously this is all anecdotal stuff from random web users, but I've seen plenty of people reporting things like:
  • My Microsoft account got locked because I did innocuous thing X, I had a nightmare getting them to unlock it and I couldn't log in to my PC until it was resolved.
  • I couldn't log into my PC because I had no internet access.
  • I didn't realise the "My Documents" folder had been automatically created on OneDrive and I didn't want that.
Giving Microsoft the benefit of the doubt for a moment, I think some of this is because logging in with a Microsoft account is meant to offer improved security in some sense. They are acting like (let's say) the system administration team in a business setting, working to protect users who are not IT experts from various threats, even if that causes short-term annoyance to the users sometimes. But in this case - like it or not - *I* am the user's sysadmin and tech support, and I don't want Microsoft suddenly locking them out of their PC for their own protection and then I have to step in and sort it out.

So even ignoring privacy concerns, I really don't want to have a Microsoft account if I can help it because sooner or later the user *is* going to get locked out of their PC and I'm going to have to sort it out, probably remotely and at the most inconvenient time possible.
lovebug wrote: Wed Oct 11, 2023 9:18 am this is why I switched to linux mint after windows 7 :lol:
I've been using Linux personally for years now, but I've seen this kind of comment around the web more lately. Having actually started looking into all this stuff, I feel I understand why much better. As I said before, my personal experience has nearly all been with Windows 7, and even Windows 10 didn't seem to be as obnoxiously bad about this.

I'm starting to have twisted fantasies of installing Linux on the machine to run a web browser. Then setting up a VM running Windows 7 with no internet access to run the legacy apps and somehow making that VM as invisible to the non-techie user as possible, so it "just works" and I don't have to explain to them what a VM is, why the Windows 7 desktop is inside a window etc. It's not going to happen, of course - I'm sure it would be a nightmare to set up and support - but there's something vaguely amusing about the idea all the same.

I think as it is I am going to have to resign myself to repeatedly reinstalling Windows 11 Home and experimenting until I get something which isn't too egregious. Given this is a new machine with no valuable data/setup yet, this might even be vaguely fun and educational. My big fear here is that I'm going to end up with no valid licence key and end up having to buy a new one just to get the machine up and running. I might try to image the disk in its factory state before doing anything else, but given the existence of TPM, records on Microsoft servers of what has been activated on this machine and when and things like that, I'm not confident restoring that original image would allow me to revert back to the stock install successfully if I come totally unstuck.
Last edited by SteveF on Wed Oct 11, 2023 2:45 pm, edited 1 time in total.
tnash
Posts: 161
Joined: Mon May 02, 2022 9:56 am

Re: Windows 11 Home restrictions and possible workarounds

Post by tnash »

Obvious question but are you sure the legacy apps can't be persuaded to work under Wine?
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

tnash wrote: Wed Oct 11, 2023 2:43 pm Obvious question but are you sure the legacy apps can't be persuaded to work under Wine?
That's a good question. I've been unnecessarily cagey about what these apps are, and the word "legacy" is perhaps not ideal.

Apart from web browsing, the main use for this machine will be running greeting card/scrapbook page making apps - primarily (I think) Serif CraftArtist 2, which appears to date from 2014. This probably does not use cutting-edge Windows features and it might well run perfectly under Wine. Unfortunately, even under Windows 7 it feels a little buggy in places and if it's running under Wine, I'm going to be constantly wondering if every "I'm trying to do X in CraftArtist and it doesn't work, can you have a look?" issue is caused by Wine rather than innate bugs in the software.

A bigger issue is that the user is pretty demanding about good photo print quality from this app. They have a fairly pricey modern inkjet printer and although it's probably supported under Linux, I would be concerned that the Linux driver does not contain the same special magic as the official Windows driver. (The printer is fancy-ish, but it's home user grade. I'm guessing professional equipment might be Postscript based and the magic is all in the printer's internal software, but that's not the case here.) So the print quality might suffer. Worse, I could see myself spiralling down a subjective judgment rabbit hole where the print quality might be worse under Linux and the user feels it definitely is worse and maybe they're right but there's nothing I can do about it even if I could see the problems for myself. By using the official driver on Windows, this death spiral can be cut off right at the beginning. :-)

So although I misstated the case a little earlier, now I think more clearly about it, the main reason we need real Windows on this machine is to install the official printer driver for the user's printer. (CraftArtist is the reason we need to disable S mode.) There is also some prospect of them wanting to install modern software for a cutting plotter on the machine - which doesn't work that well on Windows 7 but could be cajoled into working badly, and if they have to suffer the downsides of Windows 11, at least having this work properly would be some kind of compensation. I wouldn't fancy my chances of getting that working on Wine, and I'd be dubious about it working reliably in a Windows VM via USB pass-through or whatever.

The user probably won't enjoy the unfamiliarity of Windows 11, coming from Windows 7, but "everyone uses Windows", the user is already in bed with Windows 7 and it's been decided by Microsoft that if you want to keep using Windows, you have to use Windows 11, and this isn't something I personally am imposing on them. So their discomfort is not my fault, is out of my control, and they get to use the official driver for their printer for good quality prints, which is perhaps what they care about more than anything. Whereas if I try to give them Linux+Wine/VM, I'm maybe forcing what *I* think is important on them. (As the guy lumbered with doing the tech support, I feel I'm entitled to some input. Plus I want what's best for my family, and as the family "IT expert" it feels appropriate to at least warn them about some of the risks of Windows 11 so they can make an informed decision. But it's a balancing act.)

So it feels like we're stuck with Windows, and I'm trying to minimise the downsides of having to use Windows 11 Home.

(It is also kind of tempting to say "sod it, let's try installing Windows 7 on the new laptop and damn the lack of security updates". But that would probably be a bit reckless, even if Windows 7 will run on it.)
Last edited by SteveF on Wed Oct 11, 2023 3:47 pm, edited 1 time in total.
SKS1
Posts: 327
Joined: Sat Sep 19, 2020 12:04 am
Location: Highland Perthshire

Re: Windows 11 Home restrictions and possible workarounds

Post by SKS1 »

Does a printer driver exist for Windows 11?
Miserable old curmudgeon who still likes a bit of an ARM wrestle now and then. Pi 4, 3, ARMX6, SA Risc PC, A540, A440
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

SKS1 wrote: Wed Oct 11, 2023 3:45 pm Does a printer driver exist for Windows 11?
I had been assuming so - the printer was first released in 2021 - but I've just checked, and (phew) yes, it does.
1024MAK
Posts: 12783
Joined: Mon Apr 18, 2011 5:46 pm
Location: Looking forward to summer in Somerset, UK...

Re: Windows 11 Home restrictions and possible workarounds

Post by 1024MAK »

The newish machine that I have that runs Windows is a laptop that runs Windows 10. Windows 10 is still supported.

This did not have a Microsoft account (as far as I remember, certainly I don’t remember ever setting one up). I don’t use Microsoft Office on it. But my employer is in bed with Microsoft, so as I remotely log on using the work credentials, it does use a Microsoft account. I can then access the browser version of Outlook and Sharepoint, plus the desktop OneDrive and Teams.

I do have to ensure that I don’t enable the preview in the file browser, otherwise the LibreOffice files cause the file browser windows to become unresponsive.

Anyway, I’m not a fan of Microsoft so have not investigated or looked at Windows 11. Is it that much different?

Mark
Wombatter
Posts: 31
Joined: Thu Apr 19, 2012 11:43 am
Location: London, UK

Re: Windows 11 Home restrictions and possible workarounds

Post by Wombatter »

Simple way to remove S mode is just to turn off Secure Boot in the BIOS, unless you're actively downloading malware or ransomware it won't make much difference :)
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

1024MAK wrote: Wed Oct 11, 2023 4:36 pm The newish machine that I have that runs Windows is a laptop that runs Windows 10. Windows 10 is still supported.
This is interesting: I could potentially install Windows 10 on the new laptop and side-step some of these issues, but that would mean paying for a Windows 10 key and thus reward Microsoft for being so awkward in the first place - this is also why I'm reluctant to buy a key to upgrade to Windows 11 Pro, which would fix the problems I've been talking about in this thread. (Edit: actually I'm not sure 11 Pro would avoid this, at least not without hacks. I should stop trying to research this, it's a complete nightmare with it never being clear which edition people are talking about. I'll just have to try it and see what happens.)

While in reality Windows 10 will probably still be supported for this laptop's entire life, it's near enough to it that I'm reluctant to bank on it. Plus I am going to have to face the Windows 11 Home problems at some point on some other machine, so maybe it's best to learn about the available options now. (Also it's not guaranteed there are drivers for Windows 10 for this machine, although I suspect it would be fine.)
1024MAK wrote: Wed Oct 11, 2023 4:36 pm Anyway, I’m not a fan of Microsoft so have not investigated or looked at Windows 11. Is it that much different?
Me neither, but from what I gather the main issue is that Windows 10 Home might have pushed a Microsoft account but didn't really insist, whereas Windows 11 Home really really wants you to have one, to the point of making it at least superficially compulsory without the kind of tricks discussed in this thread. If you're a "normal" user who has just bought a machine with Windows 11 Home, I think you're pretty much compelled to set up a Microsoft account on first boot.
Wombatter wrote: Wed Oct 11, 2023 5:02 pm Simple way to remove S mode is just to turn off Secure Boot in the BIOS, unless you're actively downloading malware or ransomware it won't make much difference :)
Thanks, it's good to hear this does work. It may be that doing this in combination with OOBE\BYPASSNRO will give me a local account without S mode, and I can give up FDE without too much regret. I do worry Microsoft will decide to insist on Secure Boot in a subsequent update and suddenly this laptop reverts to S mode or just breaks in some other way, but that's probably not terribly likely and it's starting to feel like the least worst option.
Last edited by SteveF on Thu Oct 12, 2023 12:43 am, edited 1 time in total.
sweh
Posts: 3315
Joined: Sat Mar 10, 2012 12:05 pm
Location: 07410 New Jersey

Re: Windows 11 Home restrictions and possible workarounds

Post by sweh »

SteveF wrote: Wed Oct 11, 2023 10:36 pm While in reality Windows 10 will probably still be supported for this laptop's entire life
That's only 2 years away (Oct 14, 2025), and that requires you to be on 22H2; older versions are already EOL.

https://learn.microsoft.com/en-us/lifec ... me-and-pro
Rgds
Stephen
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

sweh wrote: Thu Oct 12, 2023 12:13 am
SteveF wrote: Wed Oct 11, 2023 10:36 pm While in reality Windows 10 will probably still be supported for this laptop's entire life
That's only 2 years away (Oct 14, 2025), and that requires you to be on 22H2; older versions are already EOL.
True, but I was thinking they might extend the support lifespan for Windows 10 if the takeup of Windows 11 hasn't been as good as they hoped, as IIRC happened with Windows 7. Probably not smart to rely on this though...
ChrisB
Posts: 548
Joined: Wed Oct 05, 2011 10:37 pm
Location: Surrey

Re: Windows 11 Home restrictions and possible workarounds

Post by ChrisB »

It wouldn't be such a big deal if the local account had a weak password on, because you need physical access before you can even use the password ...
If the Microsoft account which is accessible online has a weak password, that's really not good as it's exposed to online hacks/data leaks/whatever.
Interesting discussion - Ignoring the legitimate privacy concerns here (yes - I know) there is a "third way" - which I believe is the intended way.
If you set up a Microsoft account with a secure password and two factor authentication - which should make it very hard to steal your information individually (mass data breaches notwithstanding) - then you use "Windows hello" to log in to the laptop which uses a PIN and - if supported by the hardware - fingerprint or facial recognition. So you get reasonable online security - and ease of local login. An internet connection is not required to log in locally (even using the PIN/face) and the user never needs to use the "big" password.
Castle Defender, Untitled Dungeon Game, Night Ninja, Wordle, Waffle, Acorn Island, Beebchase, Ghostbusters
guesser
Posts: 708
Joined: Mon Jun 26, 2006 10:21 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by guesser »

SteveF wrote: Thu Oct 12, 2023 2:11 am True, but I was thinking they might extend the support lifespan for Windows 10 if the takeup of Windows 11 hasn't been as good as they hoped, as IIRC happened with Windows 7. Probably not smart to rely on this though...
They will still be creating security patches for some time for the companies that are happy to pay through the nose for them, we just won't see any of them.

The real question is whether someone discovers a bug that's so fantastically bad, and threatening enough critical systems, that they make the patches available to all the no-longer-supported editions anyway like happened to XP.
Various teletext things including a web based teletext editor which can export as mode 7 screens.
Join the Teletext Discord for teletext chat.
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

ChrisB wrote: Thu Oct 12, 2023 8:50 am
It wouldn't be such a big deal if the local account had a weak password on, because you need physical access before you can even use the password ...
If the Microsoft account which is accessible online has a weak password, that's really not good as it's exposed to online hacks/data leaks/whatever.
Interesting discussion - Ignoring the legitimate privacy concerns here (yes - I know) there is a "third way" - which I believe is the intended way.
If you set up a Microsoft account with a secure password and two factor authentication - which should make it very hard to steal your information individually (mass data breaches notwithstanding) - then you use "Windows hello" to log in to the laptop which uses a PIN and - if supported by the hardware - fingerprint or facial recognition. So you get reasonable online security - and ease of local login. An internet connection is not required to log in locally (even using the PIN/face) and the user never needs to use the "big" password.
Thanks Chris - this is good to know. I do still hope to do away with the need for the Microsoft account at all, but if I end up with one anyway this will definitely help.
guesser wrote: Thu Oct 12, 2023 11:51 am
SteveF wrote: Thu Oct 12, 2023 2:11 am True, but I was thinking they might extend the support lifespan for Windows 10 if the takeup of Windows 11 hasn't been as good as they hoped, as IIRC happened with Windows 7. Probably not smart to rely on this though...
They will still be creating security patches for some time for the companies that are happy to pay through the nose for them, we just won't see any of them.

The real question is whether someone discovers a bug that's so fantastically bad, and threatening enough critical systems, that they make the patches available to all the no-longer-supported editions anyway like happened to XP.
Fingers crossed. :-) I probably won't be installing Windows 10 on this new laptop, but there is another laptop in the family running Windows 10 and the longer I can avoid having to upgrade that the happier I will be.

My current plan of attack (when I actually visit the owner of the new laptop, which won't be that soon) is:
  • Go through the standard setup process and create a new Microsoft account with a pseudonymous e-mail address. As Boydie pointed out, this should help ensure the digital licence gets activated and recorded.
  • Have a quick check to make sure there are no bundled apps/bloatware that actually look important or useful.
  • Give the laptop a quick hardware test to make sure everything seems to work (test all the keys, use all the USB ports, play a video).
  • Disable S mode, in case it helps, although it's probably irrelevant given the next step.
  • Do a fresh install of Windows 11 Home using Windows 11 downloaded from Microsoft without setting up or logging into a Microsoft account. I'll use either the OOBE\BYPASSNRO trick or write Windows to the USB stick with Rufus and use the options there to get a similar result.
  • I am hoping that because this is a fresh install it won't be in S mode, avoiding the need to turn secure boot off or use a Microsoft account to disable it.
  • I am hoping it will activate automatically based on the hardware identifiers, not the Microsoft account. It's still Windows 11 Home on the same hardware, so fingers crossed.
  • This should also avoid any bloatware pre-installed at the factory.
If that doesn't work I will investigate other options like turning off secure boot, frantically searching the web for more things to try or accepting the need for a Microsoft account, using a PIN for local login.

If that does work, I might get cocky and try to enable full disk encryption. A bit of web searching suggests there are ways to make this work - most interestingly, Windows 11 Home won't let you enable BitLocker, but it is apparently capable of accessing drives already encrypted with BitLocker. So if I boot off a "live" Windows 11 USB stick into an un-activated Windows 11 Pro environment, I'm wondering if I can turn BitLocker on for the internal SSD there and then reboot into Windows 11 Home and have it work. This is highly speculative though. I'm willing to give up on FDE if I can avoid S mode and having a Microsoft account.
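
A read-only check of the outcomes the plan above hopes for (S mode off, activation from the hardware, Secure Boot still on, local accounts only, state of drive encryption), as an added PowerShell example that is not part of the original post. It assumes an elevated session and that S mode shows up as `SkuPolicyRequired = 1` under the `CI\Policy` registry key; the function names are illustrative.

```powershell
# Added example, not from the thread: read-only audit, changes nothing.
# Run in an elevated PowerShell session after each install attempt.

function Get-SModeState {
    # Assumption: S mode is reflected by SkuPolicyRequired = 1 under this key.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
    $val = (Get-ItemProperty -Path $key -Name SkuPolicyRequired -ErrorAction SilentlyContinue).SkuPolicyRequired
    if ($val -eq 1) { 'S mode' } else { 'Not in S mode' }
}

function Get-SecureBootState {
    # Throws on legacy BIOS boot or when the session is not elevated.
    try { if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' } }
    catch { "Unknown ($($_.Exception.Message))" }
}

function Get-TpmState {
    try {
        $t = Get-Tpm
        "Present=$($t.TpmPresent) Ready=$($t.TpmReady)"
    } catch { "Unknown ($($_.Exception.Message))" }
}

function Get-ActivationState {
    # The ApplicationID is the fixed identifier of Windows' own licence entries.
    $filter = "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL"
    $lic = Get-CimInstance -ClassName SoftwareLicensingProduct -Filter $filter |
        Select-Object -First 1
    if ($null -eq $lic) { 'No product key installed' }
    elseif ($lic.LicenseStatus -eq 1) { 'Activated' }
    else { "Not activated (LicenseStatus=$($lic.LicenseStatus))" }
}

function Test-FirmwareProductKey {
    # Reports only whether an OEM key is embedded in firmware; the key is never printed.
    $key = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
    -not [string]::IsNullOrWhiteSpace($key)
}

function Get-SystemDriveEncryption {
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return 'BitLocker cmdlets not available on this install'
    }
    try {
        $v = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $protectors = ($v.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
        # "FullyEncrypted" with protection "Off" means the volume key is stored
        # unprotected on disk, so the encryption gives no protection yet.
        "{0}, protection {1}, protectors: {2}" -f $v.VolumeStatus, $v.ProtectionStatus, $protectors
    } catch { "Unknown ($($_.Exception.Message))" }
}

function Get-EnabledAccountSources {
    # PrincipalSource distinguishes Local accounts from MicrosoftAccount sign-ins.
    Get-LocalUser | Where-Object Enabled |
        ForEach-Object { "{0}={1}" -f $_.Name, $_.PrincipalSource }
}

[pscustomobject]@{
    Edition          = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    SMode            = Get-SModeState
    SecureBoot       = Get-SecureBootState
    Tpm              = Get-TpmState
    Activation       = Get-ActivationState
    FirmwareKeyFound = Test-FirmwareProductKey
    SystemDrive      = Get-SystemDriveEncryption
    EnabledAccounts  = (Get-EnabledAccountSources) -join '; '
} | Format-List
```

Saving the output from the factory install and from each reinstall gives a record of which step changed which setting.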
BeebMaster
Posts: 7380
Joined: Sun Aug 02, 2009 5:59 pm
Location: Lost in the BeebVault!

Re: Windows 11 Home restrictions and possible workarounds

Post by BeebMaster »

SteveF wrote: Wed Oct 11, 2023 2:29 pm I'm starting to have twisted fantasies of installing Linux on the machine to run a web browser. Then setting up a VM running Windows 7 with no internet access to run the legacy apps and somehow making that VM as invisible to the non-techie user as possible, so it "just works" and I don't have to explain to them what a VM is, why the Windows 7 desktop is inside a window etc. It's not going to happen, of course - I'm sure it would be a nightmare to set up and support - but there's something vaguely amusing about the idea all the same.
This is more or less what I do. I've been using Ubuntu since 2008 and installing Virtual Box with various VMs. (I never found Wine to be much good to be honest, and I don't even have it installed any more). Currently I have VMs with XP, so I can play a favourite 25-year-old game from time to time, 7 32 bit, 7 64 bit and also 10 64 bit apparently. Running them full-screen, you can hardly tell it's actually running in a virtual machine at all. Although, other than XP, it's been a very, very long time since I used any of them. As Linux apps get better, and developers and manufacturers support Linux more and more, it's getting less and less necessary to use anything else.

I don't have to sign up to an account with anyone to turn my computer on, and I don't have to give a fingerprint or blood sample to turn my computer on, so I am relatively happy.
BigEd
Posts: 6261
Joined: Sun Jan 24, 2010 10:24 am
Location: West Country

Re: Windows 11 Home restrictions and possible workarounds

Post by BigEd »

With something like WINE, it's worth retrying it every few years, because it does get better.
Boydie
Posts: 767
Joined: Sat Oct 24, 2015 9:25 am
Location: Sunny Wigan

Re: Windows 11 Home restrictions and possible workarounds

Post by Boydie »

A couple more points...

Even when installing with a Microsoft Account, it's possible to convert it to an offline login by creating a local PIN for logon, instead of your Microsoft Account password. This PIN is inappropriately named, since it can be selected to contain letters and characters, so it's really just like any other local password. Anyone who has been locked out of their machine because of difficulties with accessing their Microsoft Account neglected to do this.

Once the machine has been set up, using a Microsoft Account, this can still be changed to log in as a purely local account (i.e. not linked to a Microsoft Account whether by PIN or otherwise) instead, same as in Windows 10.

It's also possible to create a new Local user account, which can then be set as an Administrator - I've just confirmed this on my laptop. I've not dared try it, but presumably this local account can then be used to delete the original, so there's no trace of a user linked to a Microsoft Account.
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

Thanks Boydie, I appreciate you giving that a try. I'd like to avoid ever putting a Microsoft account on the machine if I can so there's definitely no lingering trace of it. I know that's irrational, as if they really want to there's no technical reason they can't do all the same data collection whether you have a Microsoft account on the machine or not, but I will at least try.

It's good to know there are these options if I fail. At least with a fresh install I can do reckless things like set up a new local account and then delete the original account and see if it works - I don't blame you for not trying it on your existing setup!

I hope to visit the family member with the new laptop shortly and I'm half looking forward to setting this machine up and half dreading it. :-)
SteveF
Posts: 1663
Joined: Fri Aug 28, 2015 9:34 pm

Re: Windows 11 Home restrictions and possible workarounds

Post by SteveF »

SteveF wrote: Thu Oct 12, 2023 1:53 pm My current plan of attack (when I actually visit the owner of the new laptop, which won't be that soon) is:
...
This worked surprisingly well. I'm very much not in love with Windows 11, but I didn't hit any problems going through that process. The reinstall of Windows with no Microsoft account activated using the digital licence automatically with no faffing. Thanks to everyone for the advice!

Turning BitLocker on from the command line using manage-bde in Hiren's Boot CD seems (touch wood) to have worked well too - I won't give commands here as I may get them wrong, but if I remember correctly the basic idea was something like one command to enable encryption, one to add a recovery key and one to add an actual normal password. I made sure to make a note of the recovery key and it seems to work when I test it.

The single biggest source of frustration was CVE-2022-41099. I can't remember how I found out about this - I guess it came up while searching for how to set up BitLocker on the command line - but it apparently rendered it trivial to bypass BitLocker just by booting into recovery (!). The most frustrating thing about it was that even though I'd just done a fresh install using the latest Windows 11 downloaded from Microsoft, I couldn't find any clear statement as to whether a) my install would still be affected b) how to test for myself if it was affected, even though this issue is about a year old. Most of the online discussion I could find seems to be panicked discussion on how to deal with this when it was new. In the end I bumbled through the rather confusing manual fix process, although whether I needed to or not is unclear, and it's probably fixed on my machine. It's definitely shaken my confidence in BitLocker quite dramatically though.

(Yes, I know Windows 11 Home isn't supposed to have BitLocker anyway, but I didn't find any clear documentation on the current state of this for any version of Windows.)

When the machine boots it asks for the BitLocker password - that's great. If I press Escape it asks for the BitLocker recovery password - also great. What's not so great is that if I accidentally press Escape when entering the password (it's somehow semi-instinctive to press it if I mistype the password), it takes me to the recovery password screen and I can't seem to get back to the regular password screen without forcing a reboot. Maybe my search skills are weak but every time I try to look for information on this I just get pages of stuff about how to recover BitLocker. Does anyone happen to know how to get back from the "enter recovery key" screen you get from pressing Escape to the "enter unlock password" screen?
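
A check of the end state described in the post above (encryption enabled, a recovery key and a normal password added), as an added example that is not part of the original post: it parses `manage-bde -status` output and lists anything missing. The sample output is constructed, and the field and protector strings assume the English-language tool; `parse_status` and `audit` are names made up for this example.

```python
import re

# Constructed sample of English `manage-bde -status` output (not from the thread).
SAMPLE = """\
Volume C: [Windows]
[OS Volume]

    Size:                 476.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Used Space Only Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Key Protectors:
        Password
        Numerical Password
"""

def parse_status(text):
    """Map each drive letter to its status fields plus a 'Key Protectors' list."""
    volumes, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"Volume ([A-Z]:)", line)
        if m:
            cur = volumes.setdefault(m.group(1), {"Key Protectors": []})
        elif cur is not None and line.strip():
            name, sep, value = line.strip().partition(":")
            if sep and name != "Key Protectors":
                cur[name] = value.strip()  # e.g. "Protection Status"
            elif not sep and line.startswith(" " * 8):
                cur["Key Protectors"].append(line.strip())  # one protector type per line
    return volumes

def audit(vol):
    """Return a list of problems; empty means the intended end state was reached."""
    problems = []
    if not vol.get("Conversion Status", "").endswith("Encrypted"):
        problems.append("encryption is not complete")
    if vol.get("Protection Status") != "Protection On":
        problems.append("protection is off or suspended")
    if "Numerical Password" not in vol["Key Protectors"]:  # the recovery password
        problems.append("no recovery password protector")
    if not set(vol["Key Protectors"]) - {"Numerical Password"}:
        problems.append("no everyday unlock protector")
    return problems

if __name__ == "__main__":
    for drive, vol in parse_status(SAMPLE).items():
        print(drive, audit(vol) or "OK")
```

On a real machine, save the output of `manage-bde -status` from an elevated prompt to a file and pass its text to `parse_status` in place of `SAMPLE`.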