That's true, but the victim would immediately recognize something wrong when they boot into their system and find that none of their files are there and they're not connected to their company's VPN.
At that point, it's a race between how quickly the attackers can exploit temporary access to the CEO's network resources and how quickly the CEO and their IT folks figure out that they need to cut off the stolen laptop's network access and user credentials.
Just show an error message--ideally one that implies there was no connectivity at all (ex. "We can’t sign you with this credential because your domain isn’t available."). That way, if the users happens to contact IT, they won't think there is anything anomalous about the lack of logged attempts.
Ha that's what I did decades ago in school with a fake login screen. When the password has been logged just read c:\con\con, crash the machine and it reboots into the real login screen.
You don't need login to succeed, just fail convincingly.
Remote desktop with an HDMI (LVDS?) capture card, so that everything is in place. Alternatively, network mount the SSD once you get the encryption key and boot from that, syncing the blocks on demand. You can even show the 'installing updates' screen to do the HDD sync while it's 'updating'. No wifi connection? no problem - the planted one has an internal 5G modem.
Not if you give 1 out of thousands of errors windows loves to give. There's one where when you login all your user profile stuff is gone! People are very used to windows breaking.
That moment when when the CEO is back in the hotel room, and realizes he just authenticated to a laptop that was not his would be an ideal moment for the assassin that looks very similar to him to exit the hotel bathroom, pop the CEO, dress in his clothes, and proceed to the bank for wire transfer shenanigans.
At that point, it's a race between how quickly the attackers can exploit temporary access to the CEO's network resources and how quickly the CEO and their IT folks figure out that they need to cut off the stolen laptop's network access and user credentials.