Why is there a hidden admin account in safe boot?

[Michael Solomon \(MS-MVP Windows Shell/User\)]

By default, there is a hidden administrator account on all XP systems. This
ensures that even if a user deletes the administrator user profile they have
created, they can still access the system. The hidden administrator isn't
not designed for nor should it be used for regular functions. Sometimes
people going to safe mode are unable to access the admin account are for
some reason unable to access that account or it has become corrupt in which
case they can try and use the hidden machine admin account.

It cannot be deleted nor should it be deleted.

 

[george]

I've just discovered that when I boot into safe mode on my xp
machine, there is a second admin account titled "Administrator"& with
its own password! In normal use, I have this stand alone pc set up with
my own account as the only admin priveledged account so I was just
wondering why there is this second account that appears in safe mode,
what is it for & how do I go about getting rid of it (assuming that it's
a good idea!)? Thanks in advance!

That is a built-in account with all Windows NT / 2000 / 2003 / XP systems
and because of it being 'built-in' it cannot be removed, nor should you want
to, it's your final fallback in case things get out of shape.
You *can* however rename this account to read something else than
Administrator, just make sure *you* remember what you changed it intom just
in case you might need it 6 months down the road. Also make sure you
remember the password you assigned to it.

Hope you never need it.

)
george

 

[Tim Lister]

I've just discovered that when I boot into safe mode on my xp
machine, there is a second admin account titled "Administrator"& with
its own password! In normal use, I have this stand alone pc set up with
my own account as the only admin priveledged account so I was just
wondering why there is this second account that appears in safe mode,
what is it for & how do I go about getting rid of it (assuming that it's
a good idea!)? Thanks in advance!

 

[francis gérard]

That is a built-in account with all Windows NT / 2000 / 2003 / XP systems
and because of it being 'built-in' it cannot be removed, nor should you
want
to, it's your final fallback in case things get out of shape.
You *can* however rename this account to read something else than
Administrator, just make sure *you* remember what you changed it intom
just
in case you might need it 6 months down the road. Also make sure you
remember the password you assigned to it.

and it's worth mentioning also, the default Administrator account may NOT
have been assigned a password during the setup of WindowsXP on Tim's
machine, ie, it may be a <blank> password or if his system was built/setup
by an OEM, maybe a password unknown to Tim. in either case, Tim should
*change* the password for the Administrator account, then write it down and
store in a safe place. why should he change it? obviously the Administator
account has full administrative privileges on the system, if a local or
remote hacker attempted to gain access to his machine, what account do you
think they're gonna try to hack-in with first? the Administrator account
with a <blank> password is a rather convenient place to start, i would
think.

to change the password assigned to the Administrator account, either logon
to the Administrator account with the current password, if known, possibly
<blank> or <password>, and change it from there
OR
if Tim doesn't know the password for the Administrator account, AND his own
user account is a member of the administator's group, then as an
administrator himself, he can change the password on the Administrator
account while logged-on to his own account.

so, to change the password on the Administrator account, do this:

- Start menu, Settings, Control Panel, Administrative Tools, Computer
Management

- in the Computer Management console, expand the (+) Local Users and Groups
tree, click on Users folder, right-click on the Administrator account,
select Set Password (ignore and click Proceed on the warning dialogue),
enter the new password twice, press OK

(note - the dire warning about the Administrator account losing access to
data can be safely ignored since in most cases, at least in Tim's case, the
Administrator account has only been used during machine setup, thus there
are NO encrypted files, security certificates, yadayadayada that could be
lost from that account)

tip - do NOT make the password for the Administrator account the same as any
other user account... that would simply be a dumb thing to do, use a STRONG
password for any account with administative privileges, and at least 8
characters long, mixed case with embedded numbers and punctuation... if
you're paranoid, that is ;-)

tip - a shortcut to the User Accounts Manager can easily be created also.
desktop, right-click, new shortcut, type LUSRMGR.MSC in the location field,
press Next, type User Accounts Manager for the shortcut name, press Finish.

next please...

 

[george]

and it's worth mentioning also, the default Administrator account may NOT
have been assigned a password during the setup of WindowsXP on Tim's
machine, ie, it may be a <blank> password or if his system was built/setup
by an OEM, maybe a password unknown to Tim. in either case, Tim should
*change* the password for the Administrator account, then write it down and
store in a safe place. why should he change it? obviously the Administator
account has full administrative privileges on the system, if a local or
remote hacker attempted to gain access to his machine, what account do you
think they're gonna try to hack-in with first? the Administrator account
with a <blank> password is a rather convenient place to start, i would
think.

to change the password assigned to the Administrator account, either logon
to the Administrator account with the current password, if known, possibly
<blank> or <password>, and change it from there
OR
if Tim doesn't know the password for the Administrator account, AND his own
user account is a member of the administator's group, then as an
administrator himself, he can change the password on the Administrator
account while logged-on to his own account.

so, to change the password on the Administrator account, do this:

- Start menu, Settings, Control Panel, Administrative Tools, Computer
Management

- in the Computer Management console, expand the (+) Local Users and Groups
tree, click on Users folder, right-click on the Administrator account,
select Set Password (ignore and click Proceed on the warning dialogue),
enter the new password twice, press OK

(note - the dire warning about the Administrator account losing access to
data can be safely ignored since in most cases, at least in Tim's case, the
Administrator account has only been used during machine setup, thus there
are NO encrypted files, security certificates, yadayadayada that could be
lost from that account)

tip - do NOT make the password for the Administrator account the same as any
other user account... that would simply be a dumb thing to do, use a STRONG
password for any account with administative privileges, and at least 8
characters long, mixed case with embedded numbers and punctuation... if
you're paranoid, that is ;-)

tip - a shortcut to the User Accounts Manager can easily be created also.
desktop, right-click, new shortcut, type LUSRMGR.MSC in the location field,
press Next, type User Accounts Manager for the shortcut name, press Finish.

next please...

good point.

tx

george

 

[Steve N.]

and it's worth mentioning also, the default Administrator account may NOT
have been assigned a password during the setup of WindowsXP on Tim's
machine, ie, it may be a <blank> password or if his system was built/setup
by an OEM, maybe a password unknown to Tim. in either case, Tim should
*change* the password for the Administrator account, then write it down and
store in a safe place. why should he change it? obviously the Administator
account has full administrative privileges on the system, if a local or
remote hacker attempted to gain access to his machine, what account do you
think they're gonna try to hack-in with first? the Administrator account
with a <blank> password is a rather convenient place to start, i would
think.

to change the password assigned to the Administrator account, either logon
to the Administrator account with the current password, if known, possibly
<blank> or <password>, and change it from there
OR
if Tim doesn't know the password for the Administrator account, AND his own
user account is a member of the administator's group, then as an
administrator himself, he can change the password on the Administrator
account while logged-on to his own account.

so, to change the password on the Administrator account, do this:

- Start menu, Settings, Control Panel, Administrative Tools, Computer
Management

- in the Computer Management console, expand the (+) Local Users and Groups
tree, click on Users folder, right-click on the Administrator account,
select Set Password (ignore and click Proceed on the warning dialogue),
enter the new password twice, press OK

(note - the dire warning about the Administrator account losing access to
data can be safely ignored since in most cases, at least in Tim's case, the
Administrator account has only been used during machine setup, thus there
are NO encrypted files, security certificates, yadayadayada that could be
lost from that account)

tip - do NOT make the password for the Administrator account the same as any
other user account... that would simply be a dumb thing to do, use a STRONG
password for any account with administative privileges, and at least 8
characters long, mixed case with embedded numbers and punctuation... if
you're paranoid, that is ;-)

tip - a shortcut to the User Accounts Manager can easily be created also.
desktop, right-click, new shortcut, type LUSRMGR.MSC in the location field,
press Next, type User Accounts Manager for the shortcut name, press Finish.

next please...

Excellent advice.

I think is is just plain frikkin STUPID that in XP Home Edition that by
default the administrator password is BLANK! So much for "advanced
security" Microsoft! Like XP Pro, it SHOULD prompt for an Administrator
password at install/first bootup!

I swear some of those bozo's at M$ must be on dumb@ss drugs.

Steve

 

[Alex Nichol]

I've just discovered that when I boot into safe mode on my xp
machine, there is a second admin account titled "Administrator"& with
its own password! In normal use, I have this stand alone pc set up with
my own account as the only admin priveledged account so I was just
wondering why there is this second account that appears in safe mode,

It is there for emergencies. Like when little Johnny finds the way to
change all passwords and then forgets what he changed them to; or when
you trip and delete your regular Admin account. Which is why it is
hidden once there *is* a user level administrator

 

[george]

It is there for emergencies. Like when little Johnny finds the way to
change all passwords and then forgets what he changed them to; or when
you trip and delete your regular Admin account. Which is why it is
hidden once there *is* a user level administrator

Using his XP Home, little Johnny (having roamed the newsgroups for a while
now!) is most likely to be such a clever dicky that he uses the
Administrator <initial blank password> combo to lock everyone else out and
set *his* password for the Administrator account.

))

george

 

[Malke]

Using his XP Home, little Johnny (having roamed the newsgroups for a
while now!) is most likely to be such a clever dicky that he uses the
Administrator <initial blank password> combo to lock everyone else out
and set *his* password for the Administrator account.

That's possible of course, but then the clever computer tech person
comes in and easily breaks into the system by changing the
Administrator password. No problem.

Malke

 

[Tim Lister]

and it's worth mentioning also, the default Administrator account may NOT
have been assigned a password during the setup of WindowsXP on Tim's
machine, ie, it may be a <blank> password or if his system was built/setup
by an OEM, maybe a password unknown to Tim. in either case, Tim should
*change* the password for the Administrator account, then write it down and
store in a safe place. why should he change it? obviously the Administator
account has full administrative privileges on the system, if a local or
remote hacker attempted to gain access to his machine, what account do you
think they're gonna try to hack-in with first? the Administrator account
with a <blank> password is a rather convenient place to start, i would
think.

to change the password assigned to the Administrator account, either logon
to the Administrator account with the current password, if known, possibly
<blank> or <password>, and change it from there
OR
if Tim doesn't know the password for the Administrator account, AND his own
user account is a member of the administator's group, then as an
administrator himself, he can change the password on the Administrator
account while logged-on to his own account.

so, to change the password on the Administrator account, do this:

- Start menu, Settings, Control Panel, Administrative Tools, Computer
Management

- in the Computer Management console, expand the (+) Local Users and Groups
tree, click on Users folder, right-click on the Administrator account,
select Set Password (ignore and click Proceed on the warning dialogue),
enter the new password twice, press OK

(note - the dire warning about the Administrator account losing access to
data can be safely ignored since in most cases, at least in Tim's case, the
Administrator account has only been used during machine setup, thus there
are NO encrypted files, security certificates, yadayadayada that could be
lost from that account)

tip - do NOT make the password for the Administrator account the same as any
other user account... that would simply be a dumb thing to do, use a STRONG
password for any account with administative privileges, and at least 8
characters long, mixed case with embedded numbers and punctuation... if
you're paranoid, that is ;-)

tip - a shortcut to the User Accounts Manager can easily be created also.
desktop, right-click, new shortcut, type LUSRMGR.MSC in the location field,
press Next, type User Accounts Manager for the shortcut name, press Finish.

next please...

Thanks for the advice & for clearing up one of those things that niggle
at me being new to this stuff! It's really neat to be able to ask
questions & get answers from experts!

 

[=?Windows-1252?Q?francis=A0g=E9rard?=]

Thanks for the advice & for clearing up one of those things that niggle
at me being new to this stuff! It's really neat to be able to ask
questions & get answers from experts!

no worries, glad i/we could help, and as they say, do unto others

 

[Andre Da Costa]

If its an ASP.Net account, you can delete, but if its a Administrator
account, I would suggest leaving it.

Only keep the Administrator Account and accounts you and trusted individuals
have created on the computer.

Andre Da Costa