Solved Re all the weeping over local user accounts...

One reason for me not to use a Microsoft account on Windows 10 was it kept cutting my wifi. It was fine on a local account. I tried all sorts, turned off syncing on every computer in the house, cleared MS cloud settings - no difference. It only happened on the machines that were HP and were capable of running Windows 11. The two Asus machines that weren't capable of running Windows 11 were fine on a Microsoft account.

I recommend turning off the background telemetry with

O+O shutup 10 +

and Spybot Anti-Beacon

It's so funny that they are a Microsoft Partner

Best utility out there for reigning in Windows is Chris Titus Ultimate Windows Utility. I know many here poo poo it, but man does it work a treat for me!


Pull it up one command in Powershell, go to the tweaks page and start checking off what you want, then run it. I've never had Windows 11 Pro run so snappy and fast!

Regarding OneDrive . . .
FWIW . . .

Several security flaws discovered in 2025 related to OneDrive's File Picker and integrations could lead to data overreach and leaks
. This is distinct from an organization-wide data breach caused by external hackers.

Key vulnerabilities and risks

• File Picker over-permissioning: In late May 2025, researchers from Oasis Security reported a major security flaw in the OneDrive File Picker feature. When a user attempts to upload a single file to a third-party app, the File Picker uses broad OAuth permissions that grant the app access to the user's entire OneDrive storage, not just the selected file.
• Misleading user consent: The consent dialogs used by the File Picker were found to be vague and misleading, failing to clearly communicate the extent of access being granted. This makes it difficult for users to realize they are giving permission to read or write to all their files, a condition known as "over-permissioned OAuth scopes".
• Affects multiple apps: Many popular apps that integrate with Microsoft's cloud services, such as ChatGPT, Slack, Trello, and ClickUp, were potentially affected by the File Picker vulnerability.
• Persistent access and insecure token storage: Older versions of the File Picker were also susceptible to insecure handling of authentication tokens, which could lead to unauthorized, long-term access to a user's account.
• Forgotten sharing links: In September 2025, a separate vulnerability was highlighted regarding "forgotten external sharing links" in Microsoft 365, which includes OneDrive. These links can remain active indefinitely, creating a permanent, unmonitored opening to sensitive company data long after a project has ended.
• Encouraging personal and work account crossover: A new feature rolled out in June 2025 encourages users to sign in to both their personal and corporate OneDrive accounts on the same Windows device. This creates a risk of sensitive corporate data being inadvertently copied into a less-secure personal account, leading to data leakage.

Microsoft's response

After the File Picker vulnerability was disclosed, Microsoft acknowledged the security report. However, the company stated that since user consent is required before access is granted, it did not meet the criteria for immediate servicing. Microsoft has said that it will "consider improvements to the experience in a future release".

Mitigation steps for users and organizations

To protect yourself from these security risks, security experts recommend the following actions:

• Review app permissions: Regularly check and review the permissions granted to third-party apps connected to your OneDrive account. Revoke access for any apps with overly broad or unnecessary permissions.
• Update admin policies: For organizations, security teams should enforce policies that restrict app access and block requests for permissions beyond what is absolutely necessary.
• Audit sharing links: Admins should run a report in the SharePoint Admin Center to find and remove forgotten "Anyone with the link" public sharing links.
• Limit app consent: Restrict OAuth app consent settings in your organization's Azure Active Directory and enable admin approval workflows for app requests.
• Practice caution: Be cautious when authorizing apps that request OneDrive access. Assume that the consent flow may grant more access than the app explicitly advertises.

Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online​

September 17, 2025

gbhackers.com/microsoft-onedrive-auto-sync-flaw/

Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online​

September 17, 2025

A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint.

Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync.

When OneDrive silently backs up key folders like Desktop and Documents to SharePoint Online, it can turn personal files into a corporate treasure trove of secrets.

How OneDrive Auto-Sync Exposes Secrets​

OneDrive for Business includes a Known Folder Move (KFM) option that automatically redirects important folders into OneDrive and, by extension, SharePoint document libraries.

This feature is enabled by default in many enterprise setups. Anything saved in those folders even temporary files like configuration JSONs, .env files, or spreadsheet “scratch pads” is copied to the cloud without alerting users.

Once in SharePoint, the files follow the platform’s sharing rules: they remain visible to their owner, may be shared with a team, and are always accessible to administrators. A misplaced password file or API key suddenly becomes available tenant-wide.

Entro Labs analyzed leaked secrets across dozens of enterprise environments and found that certain file types dominate.

Over half of the exposed secrets came from Excel workbooks, where users often paste confidential tokens and passwords for convenience.

Plain-text files such as .txt, .json, and .pem made up another 18 percent. Even scripts (.ps1), SQL dumps (.sql), and Word documents (.docx) contained credentials.

These user-generated files travel effortlessly from local drives into SharePoint, where a single admin or a compromised service account can retrieve them in minutes.

OneDrive’s sync feature may improve productivity, but it also greatly expands the blast radius of any compromised account. Security teams can take several steps today to reduce risk:

Manually adding a site collection Admin
First, raise awareness among employees, contractors, and third-party developers. Many assume their secrets stored on their Desktop or Documents folder never leave their machines.

Just a few things to be aware of . . .

www.techradar.com/computing/windows/will-microsoft-never-learn-leaked-onedrive-app-sparks-fears-of-more-pointless-bloat-in-windows-11

Will Microsoft never learn? Leaked OneDrive app sparks fears of more pointless bloat in Windows 11​

News
ByDarren Allan publishedOctober 3, 2025
The new OneDrive app looks slick, sure, but there are questions about the purpose of this potential addition to the OS

PCUser said:

I recommend turning off the background telemetry with

O+O shutup 10 +

O&O ShutUp10++: Improve Windows data protection

Enable recommended privacy options and make Windows 10/11 leaner and more private with just a few clicks.

www.oo-software.com

and Spybot Anti-Beacon

Spybot Anti-Beacon - Spybot Anti-Malware and Antivirus

Spybot – Search & Destroy offers a comprehensive set of functions and tools. This one is about preventing your data being sent out without your consent.

www.safer-networking.org

Click to expand...

I honestly don't believe that Microsoft is spying on me or that I have anything that Microsoft wants to steal.

PCUser said:

Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online​

September 17, 2025

Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online

A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint.

gbhackers.com

gbhackers.com/microsoft-onedrive-auto-sync-flaw/

Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online​

September 17, 2025

A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint.

Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync.

When OneDrive silently backs up key folders like Desktop and Documents to SharePoint Online, it can turn personal files into a corporate treasure trove of secrets.

How OneDrive Auto-Sync Exposes Secrets​

OneDrive for Business includes a Known Folder Move (KFM) option that automatically redirects important folders into OneDrive and, by extension, SharePoint document libraries.

This feature is enabled by default in many enterprise setups. Anything saved in those folders even temporary files like configuration JSONs, .env files, or spreadsheet “scratch pads” is copied to the cloud without alerting users.

Once in SharePoint, the files follow the platform’s sharing rules: they remain visible to their owner, may be shared with a team, and are always accessible to administrators. A misplaced password file or API key suddenly becomes available tenant-wide.

Entro Labs analyzed leaked secrets across dozens of enterprise environments and found that certain file types dominate.

Over half of the exposed secrets came from Excel workbooks, where users often paste confidential tokens and passwords for convenience.

Plain-text files such as .txt, .json, and .pem made up another 18 percent. Even scripts (.ps1), SQL dumps (.sql), and Word documents (.docx) contained credentials.

These user-generated files travel effortlessly from local drives into SharePoint, where a single admin or a compromised service account can retrieve them in minutes.

OneDrive’s sync feature may improve productivity, but it also greatly expands the blast radius of any compromised account. Security teams can take several steps today to reduce risk:

Manually adding a site collection Admin
First, raise awareness among employees, contractors, and third-party developers. Many assume their secrets stored on their Desktop or Documents folder never leave their machines.

Click to expand...

I don't use OneDrive for business.

PCUser said:

Regarding OneDrive . . .
FWIW . . .

Several security flaws discovered in 2025 related to OneDrive's File Picker and integrations could lead to data overreach and leaks
. This is distinct from an organization-wide data breach caused by external hackers.

Key vulnerabilities and risks

• File Picker over-permissioning: In late May 2025, researchers from Oasis Security reported a major security flaw in the OneDrive File Picker feature. When a user attempts to upload a single file to a third-party app, the File Picker uses broad OAuth permissions that grant the app access to the user's entire OneDrive storage, not just the selected file.
• Misleading user consent: The consent dialogs used by the File Picker were found to be vague and misleading, failing to clearly communicate the extent of access being granted. This makes it difficult for users to realize they are giving permission to read or write to all their files, a condition known as "over-permissioned OAuth scopes".
• Affects multiple apps: Many popular apps that integrate with Microsoft's cloud services, such as ChatGPT, Slack, Trello, and ClickUp, were potentially affected by the File Picker vulnerability.
• Persistent access and insecure token storage: Older versions of the File Picker were also susceptible to insecure handling of authentication tokens, which could lead to unauthorized, long-term access to a user's account.
• Forgotten sharing links: In September 2025, a separate vulnerability was highlighted regarding "forgotten external sharing links" in Microsoft 365, which includes OneDrive. These links can remain active indefinitely, creating a permanent, unmonitored opening to sensitive company data long after a project has ended.
• Encouraging personal and work account crossover: A new feature rolled out in June 2025 encourages users to sign in to both their personal and corporate OneDrive accounts on the same Windows device. This creates a risk of sensitive corporate data being inadvertently copied into a less-secure personal account, leading to data leakage.

Microsoft's response

After the File Picker vulnerability was disclosed, Microsoft acknowledged the security report. However, the company stated that since user consent is required before access is granted, it did not meet the criteria for immediate servicing. Microsoft has said that it will "consider improvements to the experience in a future release".

Mitigation steps for users and organizations

To protect yourself from these security risks, security experts recommend the following actions:

• Review app permissions: Regularly check and review the permissions granted to third-party apps connected to your OneDrive account. Revoke access for any apps with overly broad or unnecessary permissions.
• Update admin policies: For organizations, security teams should enforce policies that restrict app access and block requests for permissions beyond what is absolutely necessary.
• Audit sharing links: Admins should run a report in the SharePoint Admin Center to find and remove forgotten "Anyone with the link" public sharing links.
• Limit app consent: Restrict OAuth app consent settings in your organization's Azure Active Directory and enable admin approval workflows for app requests.
• Practice caution: Be cautious when authorizing apps that request OneDrive access. Assume that the consent flow may grant more access than the app explicitly advertises.

Click to expand...

None of this is of any concern to me for how I use OneDrive. I don't use OneDrive in a business organization.

hsehestedt said:

My own personal preference is to use unattended setup. Even if I don't want to do a full unattended, I use a stripped-down answer file that does nothing but create a local account, prevent automatic device encryption, and stop quality updates from being installed during setup. But I also fully realize that this might be a bit much for your casual Windows user.

Click to expand...

Unattended was the way I went after recently doing a bog-standard install I couldn't believe the poop you have to wade through
The unattended worked a charm, I got on with something else came back in the room and was good to go ..

TraderGary said:

None of this is of any concern to me for how I use OneDrive. I don't use OneDrive in a business organization.

Click to expand...

@TraderGary
I understand. That being said, there are many security conscious PC users here. Whether business or personal, privacy and security should always be a concern. It's just a good practice to be careful and limit liability and exposure to risk.




Ways OneDrive passwords can be exposed

• Third-party data breaches: In late 2024 and early 2025, security researchers found billions of login credentials on the dark web, gathered from various third-party breaches. If a user has reused a password on multiple sites, their OneDrive account could be vulnerable even if Microsoft is not directly breached.
• Credential-stealing malware: Malware on a user's computer or phone can be designed to steal login information, including saved passwords and session cookies, that allow hackers to access accounts.
• Phishing attacks: Cybercriminals can trick users into giving away their login credentials by creating fake websites that mimic the official OneDrive or Microsoft sign-in pages.
• Compromised Microsoft accounts: Because OneDrive is part of the Microsoft ecosystem, if a user's broader Microsoft account is compromised (e.g., through a weak password or another vulnerability), attackers could gain access to their OneDrive files.

July 21, 2025

A Timeline of Microsoft Data Breaches and Vulnerabilities: 2025 Update​

Microsoft 365 Accounts Get Sprayed by Mega-Botnet​

The threat actors are exploiting noninteractive sign-ins, an authentication feature that security teams don't typically monitor.

Kristina Beek, Associate Editor, Dark Reading
February 25, 2025

snerd said:

Best utility out there for reigning in Windows is Chris Titus Ultimate Windows Utility. I know many here poo poo it, but man does it work a treat for me!

The Ultimate Windows Utility

Refined over years, this utility goes beyond debloating Windows: Install and update hundreds of apps via WinGet with a single click Apply safe, practical tweaks …

christitus.com

Pull it up one command in Powershell, go to the tweaks page and start checking off what you want, then run it. I've never had Windows 11 Pro run so snappy and fast!

Click to expand...

CTT is a great tool and the micro win is also very good . i find the installations from the CTT don't always work for me, so I use uniget i keep a bundle file of my installed apps so if I reinstall I can open the bundle and let it do its thing ... lol

PCUser said:

@TraderGary
I understand. That being said, there are many security conscious PC users here. Whether business or personal, privacy and security should always be a concern.


Ways OneDrive passwords can be exposed

• Third-party data breaches: In late 2024 and early 2025, security researchers found billions of login credentials on the dark web, gathered from various third-party breaches. If a user has reused a password on multiple sites, their OneDrive account could be vulnerable even if Microsoft is not directly breached.
• Credential-stealing malware: Malware on a user's computer or phone can be designed to steal login information, including saved passwords and session cookies, that allow hackers to access accounts.
• Phishing attacks: Cybercriminals can trick users into giving away their login credentials by creating fake websites that mimic the official OneDrive or Microsoft sign-in pages.
• Compromised Microsoft accounts: Because OneDrive is part of the Microsoft ecosystem, if a user's broader Microsoft account is compromised (e.g., through a weak password or another vulnerability), attackers could gain access to their OneDrive files.

Click to expand...

C'mon now, that's the way any of your passwords can be exposed.

PCUser said:

@TraderGary I'd never use a OneDrive account. No thanks.

Click to expand...

So, you have never had the experience of the ease of accessing files seamlessly across your devices?

z3r010 said:

So, you have never had the experience of the ease of accessing files seamlessly across your devices?

Click to expand...

@z3r010
Of course I have the ease of accessing files seamlessly across devices! PC, laptop, other computers, multiple cell phones running Android OS, tablets, etc.

I have network drives on a NAS using RAID 10. I own the NAS, the drives, all is networked, secured, and with redundancy.

Judging by posts others have made in this forum, I'm not alone in this kind of thinking or setup.

Lots of savvy power users here.

OldManT60 said:

Unattended was the way I went after recently doing a bog-standard install I couldn't believe the poop you have to wade through
The unattended worked a charm, I got on with something else came back in the room and was good to go ..

Click to expand...

I keep seeing people talking about "unattended" installs. Can someone explain that to me please because it seems a bit more than just going out while the install takes place! If it removes the need to do all the settings.

Hazel123 said:

I keep seeing people talking about "unattended" installs. Can someone explain that to me please because it seems a bit more than just going out while the install takes place! If it removes the need to do all the settings.

Click to expand...

Once you have created your bootable USB you add the attended file ...boot as normal, you can add as much or as little as you like,
you can add installs I have not done this
I'm sure there are others here can explain better than me ... but I did find it pretty straight forward
There are tuts but not sure on adding links and if they are allowed or not

(I literally ran a bath, came back and the installation was done )

PCUser said:

Lots of savvy power users here.

Click to expand...

And some of us are just paranoid

PCUser said:

Freedom of choice should remain for what they choose to do with their own PC/laptop.

Click to expand...

And MS agrees with you. If you're so disillusioned with Windows you're free to install a Linux distro, or an earlier, unsupported Windows version.

It's simply the sad fact of the current state of affairs: Everything is about branding, subscriptions, invasive ads, etc. MS is far from the only offender.