How to bypass entering Admin Password in the UAC

[Mark \(MCP\)]

I installed Windows Vista Business 32-bit version about a month ago and the
installation made my default account and Administrator account with a strong
password. I also created a Standard User account. I switch between both of
these accounts because I want to see how programs run between these two
account levels and the security differences.

When running Vista using the Standard Account, I entered the Administrator
password when prompted. This after a while gets tedious.

I looked in Vista's Local Security Policy - Password Policy and I
surprisingly found the 'Password must meet complexity requirements'
DISABLED.

I then switched to my Adminstrator account, went to User Accounts and
REMOVED the password from the Administrator account.

I logged in to my Standard User account in Vista, I can now run all
Administrator tasks and access Administrator programs without needing to
enter any password.

Why does Microsoft require you to enter a complexity password when
installing Vista and defaults the Local Security Policy - Password Policy
setting to DISABLED on this feature?

As a Standard User now, I can run any Admin task or program without entering
the Admin Password.

 

[Guest]

You are entering a password - a blank one. This is different from no
password as no password will accept anything. You must enter the exact
password you specified - blank.
-

 

[Mark \(MCP\)]

You are entering a password - a blank one. This is different from no
password as no password will accept anything. You must enter the exact
password you specified - blank.

In Vista the default Administrator account should always have a password.
Microsoft addressed this issue in Windows 2000 and Windows XP where the
Administrator account required a password and to my knowledge it could not
be removed (as in blank password).

 

[Guest]

Only on server. And vista does not require a password.

 

[ray]

As a Standard User now, I can run any Admin task or program without entering
the Admin Password.

That's cool. Makes it much easier for malware to take over the system.

 

[Justin]

I just set my admin password in XP to blank. It can be done. However,
certain tasks will now fail. Remote desktop comes to mind.

 

[Justin]

That's cool. Makes it much easier for malware to take over the system.

.....and he probably still has UAC running. Now, for no good reason.

I hope this was all "for a test". Or just an experiment. If you're going
to bypass UAC you might as well just turn it off.

However, to answer your question. They set it that way because this pisses
the average user off. People use certain passwords and if they don't
conform to a standard and the user needs to use something else...well, that
just causes a ruckus! MS decided not to piss people off and allow them to
use their own passwords as they see fit. With the exception of the admin
password. That's the one password they wanted to be strong.

 

[Mark]

In XP, there are many tasks that will fail with the Admin account having
a blank password.

 

[Guest]

You can actually allow that too (Local Security). But one would have to
choose a user name noone can guess and make sure default accounts that
haven't been renamed have passwords (because their names are well known).

 

[Mark]

I hope this was all "for a test". Or just an experiment. If you're
going to bypass UAC you might as well just turn it off.

Vista is on a test system. I would use this type of method to bypass
UAC, I'd just disable it.

[...] MS decided not to piss people
off and allow them to use their own passwords as they see fit. With the
exception of the admin password. That's the one password they wanted to
be strong.

If Microsoft wanted the Administrator password to be strong, is a blank
administrator password considered this?

 

[Justin]

That's something you did after the fact. What do you want? A separate
policy for admin and everyone else?

I believe you where forced to create a strong password? Yes? If the user
decided to bash their computer in with a sledge hammer after the install,
that's their prerogative.

I hope this was all "for a test". Or just an experiment. If you're
going to bypass UAC you might as well just turn it off.

Vista is on a test system. I would use this type of method to bypass UAC,
I'd just disable it.

[...] MS decided not to piss people off and allow them to use their own
passwords as they see fit. With the exception of the admin password.
That's the one password they wanted to be strong.

If Microsoft wanted the Administrator password to be strong, is a blank
administrator password considered this?

 

[Robert Pendell]

Actually you are not required to enter a strong administrator password
during installation. If you do not enter one that conforms to what MS
believes is a strong password then you are given a warning. You can
bypass the requirement during installation. I did just that.

 

[Robert Pendell]

I just set my admin password in XP to blank. It can be done. However,
certain tasks will now fail. Remote desktop comes to mind.

Yep. The administrative shares of XP will also fail but that becomes a
moot point in Vista since they are disabled by default anyways. Kinda
made it a pain in the butt for me as I actually used that function.

 

[Justin]

Yep. The administrative shares of XP will also fail but that becomes a
moot point in Vista since they are disabled by default anyways. Kinda
made it a pain in the butt for me as I actually used that function.

I actually like this feature. If you're a home user and you even know what
this is then you can fix it, quick. However, in a business setting I had to
find a solution to constantly block access to these shares.

Imagine, if someone (for whatever reason) got a hold of your admin password.
They would have access to ALL drives on ALL systems. That always scared the
crap out of me.