Connect Microsoft Account to Multiple Domain Accounts
We are currently trialing windows 8.1 tablets in a school environment and would like for the students to have access to the 'Windows Store'
All students log in with a domain account. (Their own domain account)
All of these tablets are being imaged Via SCCM 2012 Task Sequence.
What I would like to see happen either during the SCCM TS or via GPO or some other method would be to have the same Microsoft account connected to anyone logging into these devices this way the student would never require the account credentials
and they would never be prompted to log into the store as well as be able to openly download and install free apps... I'll tackle the paid app issue separately...
I would enable the GPO:
computer configuration\windows settings\security settings\local policies\security options\'accounts: block Microsoft account'
so that they couldn't link any additional personal Microsoft accounts.
thoughts?
More update...
created the following script (autoit) to create the appropriate reg key entries to connect a Microsoft account to the current logged on user.
#include <Security.au3>
Local $aArrayOfData = _Security__LookupAccountName(@UserName)
$SID = $aArrayOfData[0]
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\", "AccountsCount", "REG_DWORD", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\", "AssociatedCount", "REG_DWORD", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\", "CID", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\", "Keywords", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "AccountType", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "ChildFlags", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "DefaultCredSaved", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "DisplayName", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "FirstName", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "Flags", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "Keywords", "REG_SZ", "<Enter Applicable Value>")
RegWrite("HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\<Microsoft Live Account Name>\" & $SID, "LastName", "REG_SZ", "<Enter Applicable Value>")
I am applying this script on logon to the users so they all end up using the same account to access the store.
last challenge is to set it so they don't have to enter a password. where is the password stored?????
Similar Messages
-
First. I'll make another post about this but worth mentioning - the dialogue when opening Cortana then having to connect with a MS account is barely usable. The "Next" button is completely black so had to guess that was where to click. When I select
any other window or click outside the dialogue disappears until I hit the Start button, Windows Key or the Cortana/Search button. Makes it near impossible to say copy what is written there when something goes wrong...
Not that MS will care or do anything right?
Anyway. Domain account, no restrictions that I know of from that side (my home/test domain). Attempt to connect MS account and get below literally not even a second later, it's basically an instant failure with the message:
So what now?Nevermind, did have GPO there blocking it!
Policy
Setting
Winning GPO
Accounts: Block Microsoft accounts
Users can't add or log on with Microsoft accounts
CFG_SOE -
I was referred here from another thread, see
http://community.office365.com/en-us/f/158/p/245124/778388.aspx#778388but not sure if this is the right forum, so please move/correct my posting if needed!
It's a exchange/Outlook365 query, relating to signatures
I have several connected pop3 accounts to the exchange mailbox, but there appears to be no way to have separate signatures for each connected account, in fact there appears to be only 1 signature for the entire account? So when I send emails I can select
from several different from addresses, but the signature remains the same ...
On desktop outlook 2003-2010 at least, there is the ability to have default reply, default new message signatures for each account in use, is there a way to configure the exchange/outlook365 OWA to do this ?
I'm about to test if an outlook 2010 desktop client allows/recognises the server side linked accounts and allows email to be sent from them, so any tips or points on that would be welcome!
thanksIn Outlook2010 you can set multiple signatures, yes.
If you connect to those accounts LOCALLY using POP3 you can also then set defaults for each account ... HOWEVER
if you set the CONNECTED ACCOUNTS via OUTLOOK365 via the cloud server, the local Outlook will not let you set default signatures for each account. Yes you can have signatures and manually select them, but that's not the same thing, and leads to mistakes.
The whole point of connecting the accounts via the Cloud is that the local PC is then no longer part of the critical path when away from the office, so if the local PC crashed or lost internet, then it would not affect mail delivery to the single exchange
mailbox, for access via the web or mobile devices. Quite important. A common failure we have on local outlook pop3 connections is a single password failure to login, leaves the pop up menu on screen and then stops all other pop3 mail collection from working.
We have tried for 2+ years to solve this "password failure popup", but as the passwords are saved and don't change and the problem persists, we wanted to move to the cloud ... and avoid problems when users are away.
Last but not least, if using the cloud to send a reply to a mail via a connected account, the email is not sent as the connected account (despite it being validated for send as) but sent using a "<exchange Primary email> send on behalf of <pop3
connected email>" which defeats to whole point of connecting the accounts and verifying them!
I've got to say when even Google can get this right! why can't Microsoft? It really does suck!
For a business class product having 1 signature per user within OWA is seriously deficient.
Maybe time to move our email needs to Google, as on searching the depths of old archives it does appear these issues have been raised for several years, yet nothing has improved ... shame on Microsoft. -
Best approche with domain account and Microsoft account?
HI,
We presently try Windows 8.1 in my company. And we have a user/domain account, and this is perfect. Now I discovers we can sync/connect with a Microsoft account. I try to connect to a "business" Microsoft account. But if I do that I can't use Skype
with my personal account !
So my real question is when we use a domain account when we connect to a Microsoft Account, best utilization is to use our personal or a business Microsoft account?
And if I use a business account, how I can use Skype with my personal account?
EricThis is an issue.
Linking the domain account to one online account is not something I am happy about at all. We need more flexibility around account settings please.
S. O'Neill,
Did you ever find a solution to this issue? I am hoping to migrate our company from an in house SBS server to Office 365, I had expected that this issue would have been resolved by the Office 365 account also being a Microsoft Account. But I
have since learned that this is not the case, and for at least one good reason. Windows Store App licenses and payment information is linked to the Microsoft Account.
Please consider a small business of 50 to 100 users using Office 365 Enterprise where Users stay in the company between 1 to 3 years.
Not all staff joining the company would have a personal Microsoft Account, and even if the User did have a personal Microsoft Account, as the User's computer is a company asset, the company cannot violate the user's privacy by having the User use their own
Microsoft Account. And the company cannot risk the security implications of having the User's personal Microsoft account connected to their corporate computer and network.
The company IT department could create company owned Microsoft accounts for each User as well as Office 365 User accounts. And when a User leaves, log into the User's company Microsoft Account and check to ensure that the user has not placed any company
records on their Microsoft Account's OneDrive before deleting their User account. It will also mean deleting and creating a new Microsoft Account each time a User leaves the company and their replacement is hired.
However there is an issue here when the IT Department deletes the Microsoft Account the company looses the license for any software that they have purchased for the user.
So far the only solution I have been able to determine is to create company "role" based Microsoft Accounts and Office 365 accounts, then use Email Aliases to manage a personalised email address for any user working in that "role". For example we would have
roles "CEO", "Business.Manager", "Finance.Manager", "Finance.Assistant_1", "Communications.Office", "Marketing.Manager", "Sales.Rep_1", etc.
I understand that Enterprise organisations do not use Microsoft Accounts at all, but use Side-loading administered from an AD server to manage Windows Store Apps.
I would very much like to hear how companies are managing the issues caused by Microsoft Accounts, including the issue of there being two OneDrives, a Microsoft Account OneDrive and an Office 365 OneDrive for Business. -
Using Microsoft account on domain-joined Windows 10 Technical Preview
(First asked at
http://answers.microsoft.com/en-us/windows/forum/windows_tp-security/using-microsoft-account-on-domain-joined-windows/63093b15-af76-4461-a23e-8f8b739f4960, was told to come here...)
I have in-place upgraded a domain-joined Windows 7 machine to Windows 10 Technical Preview build 9860.
I can log on as before using my domain account, but I'd also like to be able to log on using my (personal) Microsoft account.
I tried typing [email protected] in the "user" box but this didn't work.
Any clue? Maybe the only way is to first create a local account and then associate it with the MSA but IMVHO this shouldn't be necessary...Hi sba,
If we updated to Windows 10 Technical Preview from Windows 7, Windows will keep your Windows settings, personal files, and most apps. And based on what I know, if we haven’t create a Microsoft Account on Windows 10 (or there is no Microsoft account available
before we update to Windows 10), it will not allow us to sign in with a Microsoft Account.
To make it able to sign in with a Microsoft account, we need either connect a local account to a Microsoft account (Under PC settings->Users and Accounts-> Your profile)
or
create a new user account(under PC settings->Users and Accounts->Other users->Mange other users-> Add a user);
Best regards
Michael Shao
TechNet Community Support -
I finally decided to convert some of my local accounts to Microsoft Accounts on my Windows 8.1 PCs. Big mistake to this point.
I have two PC's with the same Microsoft Account set up, neither PC can browse to the other or map a drive through browsing.
I'm not using a homegroup. My daughter has one setup on her laptop and desktop, and I don't want my PC's on her homegroup. Until Microsoft makes it possible to have 2 homegroups on the same subnet, this is not an option.
The local accounts on both PC's have no problem browsing, mapping, etc. I can connect to the other PC's just fine using local accounts, so I know physical connectivity isn't an issue, neither is my anti-virus or really anything else system wide on either
computer.
I just can't attach automatically using a Microsoft Account. I have to manually map a drive every logon/reboot.
I have also found that running a logon script doesn't work. The drives will not map automatically.
The Microsoft Account users can map a drive using "Connect using different credentials." However, the credentials don't hold across reboots.
I can manually (using either a Microsoft Account or a local account) map a drive using "net use" which then opens up all of my mapped drives and allows for browsing to the other PC. However, this doesn't work across reboots/logons either.
Entering credentials in the Credentials Manager (Whether I use the Microsoft Account credentials or one of the local user credentials) doesn't work across reboots either.
Yes, I have the same Microsoft Account setup on both PCs. I have tried giving them both Admin and Standard user rights on both PCs.
I have turned off UAC as recommended in some posts.
Again - This problem is ONLY related to MICROSOFT ACCOUNTS, not local accounts.
I have put a batch file on the desktop with a "net use" statement in it to connect as a work around, but this is very annoying and truly unacceptable. Is there anyway to make this work seamlessly without running a batch file or something else where
the password exists on the PC in clear text?
I can't find other posts asking this question - am I the only one who is trying to do this? What memo did I miss?
Thanks for any help!Hello Steve Hengen,
I apologize for the delay.
I have test in my own environment and can normally map the network driver when logon as Microsoft account.
Do you check the option Reconnect at logon?
If you use Connect using different credentials, do you check the option Remenber my credentials?
Please take a look at the following article about map a network drive.
http://windows.microsoft.com/en-HK/windows-8/create-shortcut-to-map-network-drive
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Windows Server - Run multiple domains under different accounts
Hi,
I have multiple domains on a Windows Server. I'd like to run these under separate accounts for security reasons.
My options I have so far:
1) Install all Admin servers and managed servers as windows services and set logon appropriately
2) If possible, use multiple node manager instances, one for each domain and set the log on for each node manager windows service
I like the idea of multiple node managers but I can't find any reference in the documentation about this. I'd rather not use option 1 as I won't be able to restart servers from the WebLogic Console
Has anyone had to do this before?First option might be the cleanest .
For second option make sure that there are separate Node_Manager home directory for different node manager instances.
Edited by: atheek1 on Jun 19, 2010 4:55 AM -
Problem description:
After VM deployment is finished, remote desktop into the Windows 10 client OS with the created admin credentials
Open PC Settings -> Users and Accounts -> manage other users (this is the new UX not the old classic add user dialog)
Add a Microsoft account to the desktop, leave it as a standard user
Log Out
Make RDP connection using login of DNSName\[email protected]
Note: DNSName = connection string you are using in RDP
[email protected] is whatever liveID you are using.
Problem: If it was working you will get a message that this user does not have access rights to remote desktop to the computer
Error: Unknown user or bad password is what I would get
Solution:
Log back on as admin user with RDP
Using the new UX from " PC Settings -> Users and Accounts -> " delete the recently created microsoft account
Create a local (not microsoft account) account where with the name that would be before the @ (i.e. user77)
Go to the Old user management interface (either the computer management MMC or the "System Properties->Remote" tab and give the created local user remote desktop access rights.
Now log off as admin
Remote desktop and use username of DNSName\User77 (note no @outlook.com)
Let the login process finish
Make sure any feedback questions are answered
Now navigate to the new UX using " PC Settings -> Users and Accounts -> " and link the local account with your Microsoft account.
You will have to authorize the microsoft account, typically with a text message + verification code
Wait 2 minutes (using a A1 size VM there seemed to be some background stuff for account linking)
Log out
Now log in using DNSName\[email protected]
Success!
I hope this helps anyone else who is using Azure VM's to test out Windows 10 client technical preview.
-N
neilgoHi
We use a custom imagine and experience this quite alot. Usually host name is missing and we have to redeploy.
Seems to have gotten worse as we add more vms.
Should we not sysprep when capturing a vm?
Orginal vm came from the gallary and we've simply resized os to 30gb.
Main role for our vms is job processing so stop deallocate when finish to keep costs down buts prooving to be more trooblesome that expected due vms dieing.
We have a number which we don't shut down which are problem free. so I suspect the stop deallocate and self heal are still early days.
My monitor has reported issues with 40+ vms this evening. Are there issues or updates going on in western europe? -
Multiple Sites, Multiple Domains, one .mac account?
So, is this possible? Can you create multiple sites in iWeb, save them to a .mac account, and then purchase domain names for each of those sites and have one assigned to each? I'm assuming no, but I'm seeing if someone knows how or someone has some workaround to keep it on .mac, but have multiple domain names for my sites?
Thanks!!So, is this possible?
No.
Can you create multiple sites in iWeb, save them to a .mac account, and then purchase domain names for each of those sites and have one assigned to each?
Yes and no. While .Mac does offer Domain name hosting in the form of a CNAME alias, only one Domain name is available per .Mac account. .Mac is not a registrar for multiple Domains. You can host multiple sites on your .Mac account, but if you desire a 'Domain name' for each site, you will need to purchase the Domains from a registrar like Yahoo, GoDaddy, 1&1, etc, and then forward these Domains to the appropriate sites, hosted on your .Mac account.
I'm assuming no, but I'm seeing if someone knows how or someone has some workaround to keep it on .mac, but have multiple domain names for my sites?
The "workaround" would be to utilize Domain forwarding from a Domain name registrar, using the .Mac urls for the forwarding address(es).
-Mark -
Multiple domain names for iWeb on .mac account
I've managed to get the iWeb site I created uploaded onto a domain name i created (eg www.abc123.com). I had to change the domain name on my .mac account. The thing is it only allows you to enter 1 domain name. Now I have purchased 3 domain names, one for myself, one for my business and one for my mothers business. Is there a way round this because at the moment I can't get round it. Thanks.
Hi Ben,
If using .Mac hosting and other hostings as well you can have multiple domains pointed to different sites so that each site will have yourdomain.com. However on .Mac you can have only one CNAME, the other personal domains should be WebForward or WebForward with cloaking.
- WebForward: after you typed yourdomain.com in the browser you get forwarded to web.mac.com/username/ and web.mac.com/username/ will display in the browser
- WebForward with Cloaking (also called masking): after you typed yourdomain.com in the browser yourdomain.com will display in the browser and don't change while people browse through your website
- CNAME yourdomain.com will display instead of web.mac.com/username/ and while browsing through your website it will look like yourdomain.com/sitename/nameofpagepeoplelookatnow.html
If you're using Godaddy this is how to setup WebForwarding
http://help.godaddy.com/article.php?articleid=422&topicid=
and this is masking/cloaking
http://help.godaddy.com/article.php?articleid=424&topic_id=165&progid=GoDaddy
Regards,
Cédric -
Hello Community,
I have Problems to connect to a virtual Computer on Windows Azure. But only when I host a Windows 8.1 Enterprise Computer in Azure. When I use a Windows Server 2012 R2 virtual Computer I can connect without Problems. Also when I use a Local Account on my
Windows 8.1 Enterprise Laptop at home with which I want to connect to the virtual computer, I can connect to the machine. But when I use a Microsoft Account on my Laptop it fails with "Authentification failure"
I hope anybody can help me. Thanks in advance :)This guy solved it:
http://troubleshootingsql.com/2014/06/04/how-to-log-into-an-azure-vm-using-a-microsoft-account/ -
Multiple Microsoft Accounts with A Bing Maps Account
Is it possible to have multiple Microsoft accounts associated with a Bing Maps account so that I can have more than one person in my company create Bing Maps keys?
Currently this is not available. However you can create multiple accounts and have them associated to a single contract. This way others can create keys without needed your log in. Contact
[email protected] to link the new accounts to your contract.
http://rbrundritt.wordpress.com -
Add Ability to Sync Connections via Microsoft Account?
Would you please consider being able to sync my connections between computers via Microsoft Account? This would help so much when I switch to a laptop or other computer. Thanks!
Hi,
Thanks for the feedback.
However, you can save your connections as .rdp files and sync them via OneDrive.
Sync settings between PCs with OneDrive
http://windows.microsoft.com/en-us/windows-8/sync-settings-pcs
Thanks.
Jeremy Wu
TechNet Community Support -
Does using a Microsoft account require an Internet connection to log in?
If I use a Microsoft account as my credentials, am I locked out if my PC has no Internet connection?
Hi,
In addition, for the first log in, we need to connect to the internet.
Regards,
Kate Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Connect Skype name and microsoft account
My profile says my accounts are not linked. Windows for desktop works, but whe I try to open SKYPE from the Start Menu it doesnt let me open it. It say" OOPS..THERE WAS A PROBLEM.
PLEASE TRY AGAIAN".
No matterhow many times I try I get the same reply. I have tried restsrting my PC and nothing changes.
Please help. Thanks.Okey solved it myself :/
I needed to unlink my Microsoft Account from itself and close it.
Now its working.
/solved.
Maybe you are looking for
-
Can not add a New appointment to a shared calendar in Outlook 2010, can only add a New Meeting.
Hi I can not add a new appointment to a shared calendar in Outlook 2010. I can see the calendar and appointments in it (all appointments are marked as busy, the detail can not be seen. I want it to do this) and I can and a New meeting to the shared c
-
LR 5.0 slowly in rendering import previews (RAW/Canon 6D)
Hi guys, does anybody know s.th. about slow rendering imagepreviews in the import dialogue? My LR 5 is as slow as a snail generating those previews. Importing my RAWs form the EOS 6D (saved on a 95MB/s 32 BG SanDisk Extreme Pro) it renders only the 1
-
Trouble with EAP-TLS with Wireless before Windows logon
Ill start with a list of equipment; 5508 WLC 3502i AP's Cisco ACS 5.3 Windows 7 clients WLAN is configure with WPA2/AES with 802.1x for key management. Client is configure with WPA2/AES, auth method is Microsoft: Smart Card or other certificate on co
-
After Updating Mountain Lion, Mail & Safari keep crashing; WLAN Connection fails
After Updating Mountain Lion, Mail & Safari keep crashing; WLAN Connection fails; I have updatet Mountain Lion and since then, Mail & Safari keep crashing plus: WLAN Connections keeps on failing from time to time. My Router has the newest firmware, i
-
Using Aperture with a Network Attached Storage (NAS)
Hi, I would like to make my Aperture library accessible from severals Macs and for different users on these Macs --- not at the same time. The idea is that only one user from one Mac can use Aperture at a given time. The basic idea is to install the