How to Enable the Hidden Administrator Account

This will enable the "hidden" administrator account giving you FULL ACCESS to your notebook. Follow these steps:
1. Hit 'Start', type 'cmd' in 'Search.
2. Right-click 'cmd' and click 'Run as Administrator
3. A black box should appear (DOS) and you should type exactly:

Code:

net user administrator /active:yes

4. It should say something successful, now type 'exit' and log off or restart.

After enabling this account I actually found it smoothed out some issues with optimus, etc, as well as a performance increase although it could be a placebo effect... I know most users might already know this already but I know some wouldn't.

 

can anyone confirm what this exactly does?

 

enables that account... if logged in using that I think it stops prompting UAC

 

Well yes that is true but much more than that. If anyone used Window XP in the past you'd know that the default account is administrator. For some reason in the Vista and new 7 release, the REAL administrator account is hidden.

 

Ok , I did this but at log in there is 2 account now, on for the admin, and my regular log in,I tried to remove the admin account but it won't let me, how do I remove it? i went to cmd and put no after active, and its still there.

 

It was hidden yes but Im not aware of any additional functionality to your default account by making it "active".

ttomp73: Built-in Administrator Account - Enable or Disable - Windows 7 Forums

 

Maybe:

net user administrator /active: no

 

net user administrator /active:no disables it.
but I would delete the other account and use the admin. Why would you not want full access to your pc?
btw do not listen to eat_my_brains an delete system32

 

What exactly do I not have access to? Other than UAC prompts what would be gained? The prompts can be disabled so not sure I see the benefit.

If its already disabled then there isnt any issue of rogue admin accounts but if enabled then please do change/create password.

 

1. Disables UAC
2. Runs all applications in ADMINISTRATOR MODE (irons out issues with some games or applications)

 

For home-use / personal-use computing, there is no practical benefit to enabling the administrator [user] account in Windows 7.

According to the principles of computer security, the "correct" way of using a PC from a security perspective is to use an administrator / super-user account only when you need to make system-wide configuration changes, install software, install patches, or install drivers. For everything else, you're "supposed" to log in using a regular standard user account that does not have those priviledges. This type of security is most effective when you have a lot of potentially unknown users that will use your computer, such as internet cafe PCs, university computer lab PCs, or library PCs. That way, some regular user can't screw up your computer by changing a bunch of settings or deleting a bunch of critical system files.

However, personal-use or home-use computers don't need to worry about that. Since a personal-user / home-user has a pretty good idea of who will be using his/her computer, they don't need to really worry about running as a standard user account to prevent unwanted changes to their computer. For convenience purposes, Microsoft configures the first user account created on a new Windows 7 installation as a super-user with all rights and privileges. This user account can do everything that the administrator [user] can do. So there is absolutely no benefit to enabling the "administrator" account for this kind of personal-use / home-use scenarios.

In fact, the reason why Microsoft disables the administrator [user] account by default is for security. When someone tries to hack into your computer, they ideally want to get super-user access so that they can do anything that they want (view/delete any data they want, install malicious software, etc). And one of the ways they can get that level of access is to simply know the username and password of a super-user level account.

When the administrator [user] account is enabled, a hacker already has a username that is guaranteed to have that level of access... all they need to do from there is guess a password. Microsoft disables that administrator [user] account by default, to add an extra layer of security.... a hacker must then work to discover the username AND password of an account that has super-user level access, rather than just a password.

In short, enabling the administrator [user] account gains you nothing. It only makes you more vulnerable to unauthorized access. That is why it is disabled to begin with.

 

+1 and a thanks. I do want to say that this may be a little misguided (above). It doesn't have much to do with the discovery of the account - really, anybody even beginning to gain a level of fluency in CLI can obtain account names with ease. The problem lies, really, within the fact that everything runs, by default, with administrative privilages, under the administrator account. This tidbit was really the basis for all script and program level hacks and malware pre-Win Vista... And, then, it took until Vista SP2. Get a popup that is able to utilize any one of the many vulnerabilities in http and browsers, in general? Well, you're running as an administrator, so guess what that malware is running as, now? It has complete access to the filesystem.

When the next trojan comes around, folks running as admin 100% of the time will be the first ones replacing hdd's and reformatting.

 

I just diable UAC cause its annoying =). But with that you have to be a little more careful with what you install/download/etc as to not put your computer in harms way.

 

Erm, you already have FULL ACCESS - the default user account is already a member of the Administrator group.

Enabling the hidden Administrator account does absolutely nothing. It's also something of a security risk - there's plenty of malware that targets the Administrator account as a known variable.

In short : Leave it disabled.

 

So if a user account does get hosed or messed up to badly you could then activate the Admin account and create a new account. Then log into the admin account and delete the old account. This way you don't have to worry about reinstalling windows?

I know sometimes the windows OS itself gets messed up, but many times isn't it simply the user account?

 

Moving to windows forum

 

You can usually boot into safe mode and solve the issue that way, with no need to activate the built in administrator account.

 

EDIT: I rebooted into safe mode to test this theory/fact (it was true for Windows XP...) but I only see my standard account and the separate admin account i created for UAC duties.

Can anyone with only one user account see if they see anything different? Reboot into safemode via F8 at system startup.

EDIT 2: Windows 7 is intelligent enough to display the hidden account in emergencies (IE - other adminstrator accounts become unusable) within safe mode: http://social.answers.microsoft.com...y/thread/62a99dcc-b976-4ad1-9ac5-e7bf803eab83

There's no need to activate this account manually unless it somehow fails to display this account in safe mode and the other accounts are corrupted.

 

yes, because it's absolutely useless as you can't do anything with it that you could not do without it. it's mainly there for network environments in companies.

 

Hey, after you enable the administrator account you should experiment with "deltree"

Really, there's no good reason to enable the administrator account. If your application doesn't work under a user account, then get a refund because the programmer is incompetent. Running as administrator means that everything you run has permissions to change ANYTHING. Flash? It can format your drive. Java? It could overwrite system files that enable remote root access. Any toolbar you have, any program that might be of dubious legality, all of those have complete access to do anything to your machine that they want, and you would have no idea.

The reason the UAC prompts pop up is to keep programs from being able to do those kinds of things without the user having to confirm "Yeah, I really do plan on modifying system files now". If you log in as administrator, you completely remove that layer of security.

This is advice that you really, really should not follow. Run a single program as administrator if you absolutely have to, but you should not ever run your entire session as administrator.

 

I am a bit confused on what is the original question.

For most personal machine, the first user(usually the only user) has administrative rights => Administrator. The reason why Microsoft add UAC is that it is

1) too cumbersome to teach joe blow user on the street to login as standard user and only switch to Admin for admin work

2) some apps(I assume games) may need admin right to run properly

And if you are on a business machine(managed by some IT staff), you usually don't have the right to do any of these switch things on/off, add user etc.

So what do you want to achieve ?

 

OP maybe felt some improvement and wanted to share. I don't thing anything is accomplished that couldn't be done by tweaking an app to run as admin or disabling UAC.

There was no original "question" really.

 

Running all applications in Administrator mode is a terrible terrible idea. It doesn't increase performance... it doesn't do anything except increase the chances for screwing things up.

 

And if you want to run applications as an administrator simply right click and run it, or go to properties and set it to default to that (I don't recommend it unless you need it to)

 

And what ever happened to power user?
How do I enable that? Just kidding, no reply needed.

 

Hehe... you know that someone's going to reply anyway, because they want to prove how knowledgeable they are.

 

Hehe... you just dated yourself, Mr. MS-DOS 5.2.

deltree /y C:\*.*

hasn't been around for quite some time!

 

Of course, you should never, ever, use this account for your normal day-to-day work. If you do, you'll deserve whatever hits you. But you knew that, didn't you?

Which, of course, you should not do.

It only irons out "issues" with the kind of cr@p applications that are not compatible with Windows.

Listen to the Man. There's really nothing that needs to be added to his post.

 

one thing should get added: apps that only work when running them as admin can get fixed by yourself. give them write rights to their folder (c:\program files\rouge app) by rightclicking, editing properties, there permissions, and there edit 'everyone' (or 'users'?) to have full access rights.

after that, a typical rogue app works perfectly without admin rights, too. (some might need this for some other location, but for most, that's the only fix needed).

 

Stop posting these advanced things ...
For 90% of the users on these forums it will only cause problems if they mess with these.
And the 10% already knows ... and know what to do with it.

 

it's not even advanced. it's just there for backwards compatibility.

 

errrrrrrr why would you not disable UAC?

 

Holes in the most frequently used program like browser, flash or acrobat readers can allow virus to enter your system.

 

because it's there to save your .. back .. when you can't.

as long as uac is not enabled, every application can at any point in time kill anything else on your system without you having any chance to prevent it (be it due to a bug, or a virus, some security hole, what ever). with uac, applications that want to manipulate your system files don't get access, the system first asks you.

so actually, with uac enabled, YOU are the master of your system.

 

Is there a way to make a list of allowed programs in UAC? It does get annoyng having to answer "yes" everytime I want to use HW Monitor, for example.

 

no, but you can fix it in other ways depending on the app. hw monitor needs admin for the hw access i think => giving write access to where ever it's in wouldn't help.

but you can for example create a task in task scheduler that starts as admin automatically, put hw monitor in as task, and a shortcut to that task where ever you had a shortcut to hw monitor. that auto-elevates.

 

Tell the hobby programmers who made HW Monitor to code their cr@p properly. In this particular case, they need to run the portion that accesses the hardware as a service with appropriate privileges, and everything will be fine.

In other words, what is annoying is the amateurish coding of HW Monitor, not UAC.

 

UAC doesn't protect you from viruses

 

This was not the design goal of UAC.
It's more likely MS's interpretation of the Linux command "sudo".

Switching UAC off and being member of the Admin group for the daily Triple-X surf session is an excellent method to shoot your own foot

Michael

 

O.k., let's give this one last try:

First of all, yes, UAC does not protect you from anything whatsoever, mostly because it was never meant as a protection. This whole idea is a complete misconception of what UAC is, and what it was designed for. What UAC really is, is a convenience, allowing you to easily switch users to a privileged account, or add a privileged token to the process you are about to launch. In other words, UAC is about giving you control, and not taking it away from you.

Second, what does protect you is running your sessions with standard user privileges only. This means that any process you launch, advertently or inadvertently, will not be allowed to make any system-wide modifications. Of course, this cannot prevent the newer crop of viruses from manipulating data and objects that you as a user do have access to, but this still gives you a very, very significant amount of protection. In particular, this kind of protection does not have to rely on signatures and virus data bases, so it will work equally well for any known or as yet unknown viruses, which is in stark contrast to the typical anti-this-or-that software people so love.

Now, since launching certain software or commands from a restricted account can cause cryptic error messages and behavior that unsophisticated users don't understand, Microsoft then added UAC in order to make it easier for people to live with the restricted-privilege account they really should be using. I note that I (and many other people that are used to working with real operating systems, rather than toys like MS-DOS) have been using limited accounts since the birth of Windows NT, and it has always worked just fine. The only issue, or rather inconvenience then, before UAC, was that if you did launch a process that required higher privilege levels, you would just get an "Access Denied" message or something similar, and you would then have to re-launch the process using the Runas command. UAC makes this far more convenient, by simply offering you a password or confirmation prompt so you can still get your elevated privileges after you have already issued your launch command.

So, for the last time: UAC is really about giving users more control, and a more convenient way to run their computers in a sane configuration. When people talk about "disabling UAC", what they really mean is running their sessions with elevated privileges always, which is a disastrous decision from a security point of view. Let me make this entirely clear: No kind of anti-virus, or any other anti-this-or-that software is a substitute for running your regular sessions with limited privileges. Nobody who has any understanding whatsoever of computer security would operate their computer in any other way.

P.S.: Here is an (as usual) excellent article by Mark Russinovich with a more detailed explanation of the concepts and rationale behind UAC. Worth a read.

 

Excellent post.
+rep

Michael

 

not you. but your system. to protect you, some antivir is needed.

it protects the system from you, doing accidental changes (due to a virus, a bug in an app, or some brainfart tweak you've found on the interwebs). it's a nice little barrier between every running application and the system.

without uac, doing something on the system is absolutely silent, without you being informed or in control.
with uac, every system change will be reported to you, so you have control.

still, if you get a virus and it runs, it can scan trough YOUR files and delete all .jpg or .mp3 that it finds. it can't, though, delete anything in c:\windows.

but because you both care about your system (shielded away with uac) and your own files (unshielded), you need antivirus software for YOUR protection.