Administrator Account

How to Enable or Disable the Real Built-in Administrator Account in Vista


information   Information
In Vista, even though you are using an administrator account, you still run with Standard account privileges. When a program or a action by you tries to run with administrators rights, you must first give it permission before it is allowed. This is the User Account Control (UAC). The hidden real Built-in Administrator Account does not use UAC and is like the one in XP with full rights on your computer. For more information, see: Microsoft Help and Support: KB942956
warning   Warning
If you enable the hidden Built-in Administrator Account, it is recommended that you do not use this account all the time since everything installed and running on your computer will also have full access to computer too. Instead, I would recommmend that you use it for administrative purposes only, and then use a Standard or normal administrator user account that is restricted for everyday tasks for better security.
Note   Note

  • This will not delete your current account. It just adds a new account named Administrator that is the real administrator account in Vista.
  • If you do not have any other administrator account on your computer, then you will automatically startup into the built-in Administrator account when you boot into Safe Mode.





Here's How:
2. To Enable the Hidden Built-In Administrator Account
A) In the elevated command prompt, type the command in bold below and press Enter. (See screenshot below)​
net user administrator /active:yes
CMD_Enable.jpg

B) Go to step 7.​

3. To Disable the Hidden Built-in Administrator Account
WARNING: Make sure you are not logged into the built-in Administrator account when trying to disable it. You must be logged into a normal administrator account to do this instead. It will not work if you try to disable the built-in Administrator account while you are still logged on to it.​
A) In the elevated command prompt, type the command in bold below and press Enter. (See screenshot below)​
net user administrator /active:no
CMD_Disable.jpg


4. You will get the message, The command completed successfully. If not, repeat the step.​
NOTE: If you are still unable to enable the built-in Administrator account from here, then try this again in Safe Mode instead.
5. Close the elevated command prompt.​
6. Log off (in Start Menu) and you will see your new built-in Administrator account next to your current account(s).​
LogOff.jpg

7. Click on the new Administrator account display picture icon and log on to it.​
8. You should create a password for this account for better security.​
9. You will then need to set up it's desktop preferences like any other account.​
That's it,
Shawn




 

Attachments

  • thumb_User_Account.png
    thumb_User_Account.png
    11.7 KB · Views: 443
Last edited by a moderator:
Hello Gary,

I don't mind at all. :)

Q1) By default, there is not a password set for the built-in Administrator account. This could vary with OEM systems though. If the OEM set a password at the factorym then they will usualy have instructions letting you know what the default password is so that you will be able to use and change it later.

Q2) It will not affect UAC at all for any other user account on the computer. Only a standard user account will still have to provide any administrator's password in a UAC prompt to allow it.

Q3) The built-in Administrator account is an elevated administrator that has full access and control of everything on the computer without ever getting a UAC prompt asking for permission first. Even with UAC turned on and set to the top level. It's not recommended to use the built-in Administrator for everyday use because of this. Since the built-in Administrator has full access, so does everything that is running while logged in to the built-in Administrator. Enabling the built-in Administrator, setting a strong password, and disabling the built-in Administrator would be smart decision to help keep people from being able to log on to it. Another good idea would be to also rename the built-in Administrator to something other than "Administrator" to help prevent people from trying to reset the password for it as well.

Hope this helps.

Hi Shawn,
Sounds fine. I enabled the root Administrator, managed the account to rename it and set a password, then disabled it again. I did a few things and got an elevated Administrator prompt, which worked fine when clicking "OK". So, it seems to be unaffected by the changes. The name change is just for the full name, as apparently the username remains the same. That makes sense, as the registry would need some significant updates to revise all of the references.
But anyway, in order to enable the root administrator, someone needs to be logged on as an administrator anyway, so there isn't any real security improvement with the rename and password change. If you're an admin, you can manage anyone's account to remove a password and then set a new one as well. Despite all this, in the end it can't hurt anyway. :)
 
Last edited by a moderator:

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv5t
    CPU
    Intel Core Duo 2.53GHz
    Memory
    4Gb
    Graphics Card(s)
    NVidia GeForce 9600M GT 512Mb
    Screen Resolution
    1280x800 32bit
    Hard Drives
    Seagate Momentus XT 500Gb
    Hitachi Travelstar HTS543225L9A300 250Gb
    Mouse
    Microsoft 4000
Nope, because you could also enable the built-in Administrator at boot through a command prompt, and with several other hacks as well. A rename and password protection helps to prevent this.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD
Nope, because you could also enable the built-in Administrator at boot through a command prompt, and with several other hacks as well. A rename and password protection helps to prevent this.
Ah, I see what you mean now. This would have to be a break-in at the computer itself, because someone couldn't trigger a reboot remotely and then have access to the command prompt, right?
 

My Computer

System One

  • Manufacturer/Model
    HP Pavillion dv5t
    CPU
    Intel Core Duo 2.53GHz
    Memory
    4Gb
    Graphics Card(s)
    NVidia GeForce 9600M GT 512Mb
    Screen Resolution
    1280x800 32bit
    Hard Drives
    Seagate Momentus XT 500Gb
    Hitachi Travelstar HTS543225L9A300 250Gb
    Mouse
    Microsoft 4000
Usually it will be done at the computer, but it's possible by a pro to do otherwise.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD
Back
Top