Does ADMINISTRATOR Account Exist?

[John]

Is there still a separate Administrator user account in Vista or is that
account now replaced by any user account with administrator rights? I don't
see any user with the name ADMINISTRATOR.

 

[Tiberius]

It exists but it is well hidden...
I posted a tweak some time ago that explained how to make it vieable
again...

ill try to find it and post back

 

[Tiberius]

ahh yes .. see here

http://www.computerworld.com/action...ewArticleBasic&articleId=9015738&pageNumber=1

Number 2:

Unlock the supersecret Administrator account

Deep inside the bowels of Windows Vista, there's a secret Administrator
account, and it's different from the normal administrator account you most
likely have set up on your PC. This Administrator account is not part of the
Administrator group. (Confused yet? You should be.) It's a kind of
superadministrator, akin to the root account in Unix, and by default it's
turned off and hidden. (In describing this hack, we'll always use the
capital "A" for the secret Administrator account, and a lowercase "a" for a
normal administrator account.)

 

[dev]

/John/ said:

Is there still a separate Administrator user account in Vista or is that
account now replaced by any user account with administrator rights? I don't
see any user with the name ADMINISTRATOR.

START button|HELP & SUPPORT
Into the search box, type "administrator"

 

[Peter]

It's disabled by default. If you go to Start/All programs/Administrative
Tools/Computer Management/Local Users and Groups/Users and double-click
Administrator you will see the settings there.
If you uncheck "Account is disabled" it will then show on the log-in screen.
Bit if you do that I would suggest immediately logging into it and
passwording it via Control Panel/User Accounts & Family Safety/User Accounts

 

[John]

Thank you all for your help. I have brought the ADMINISTRATOR to life.

One further question:

Is there a difference in making changes to any part of Vista if you are a
User with Administrator rights or if you are the real ADMINISTRATOR?

 

[Guest]

There's probably no good reason to activate the built-in Administrator
account in Vista. That account is designed to be disabled, except in cases
where no other admin account is viable on the system. When a serious system
error condition causes no other admin accounts to be available you can boot
into Safe Mode and will find that Administrator is, indeed, available. And it
won't require a password for logon.

I know there are people posting how to activate the account. But you might
want to ask yourself why Microsoft chose to have it disabled in the first
place. The security architecture of this OS is designed to work with that
account disabled. Sometimes, with a new OS, it's best to check out its design
to see if, maybe, it will work better than its predecessor -- before trying
to make it behave just like its predecessor.

I'm no trying to preach. I'm just advising some caution, along with some
good old-fashioned curiosity and the chance to learn something new.

 

[John]

I agree with your thinking. My hope was the hidden ADMINISTRATOR account had
'powers' beyond a user with administrative rights. I need some of these
'powers' to make a registry edit work in IE7... or so I thought.

But isn't this a glaring security hole: "When a serious system
error condition causes no other admin accounts to be available you can boot
into Safe Mode and will find that Administrator is, indeed, available. And
it
won't require a password for logon."

Couldn't anyone boot this way and hack the computer? I must be missing
something.

 

[Guest]

The built-in administrator isn't really different, from an operational
standpoint, than any other admin account -- other than there being no UAC
prompt (AFAIK) when you do something that requires elevated privileges. That,
in and of itself, is a good reason to leave the account deactivated.

It may be true that a malicious person might find a way to disable the other
admin accounts so that s/he could reboot and gain access to the system
through the password-less Administrator account. (Just booting to Safe Mode
with even one other admin account still viable will NOT get you the ability
to log in as Administrator.) But, if you think about it, the only effective
way to do that would be to already have logged in as an admin or to boot with
an alternative OS (on CD/DVD, other drive, etc.) in order to damage those
accounts. In either case, the person already has had access to everything
anyway.

You really can't protect a system from a determined, knowledgeable person
who already has had access to the system as an admin. The passwordless
Administrator account which only becomes available when all other admin
accounts fail can make life a lot easier for tech support people. (No more
forgotten passwords.) I imagine that this was a prime motivating factor in
the way Microsoft designed this feature.

BTW, I did activate my Administrator account temporarily on my Vista systems
-- just long enough to put a really nasty password on it. Then I deactivated
the accounts on all Vista machines. But that was before I had thought my way
through the way the feature works. Not sure that it matters, anyway. I use a
BIOS startup password and take all drives but the primary hard drive out of
the boot sequence on my critical systems. The drive is encrypted through the
BIOS, so moving it to another system won't gain admittance to the data on it.
But those precautions are, I think, pretty extreme and more than most people
want or need.

Regarding the actual question in your original post, if your version of
Vista has a policy editor you can open compmgmt.msc and look under Local
Users and Computers to confirm that the Administrator account does, indeed,
exist. But the account doesn't show up in "control userpasswords2" -- unless
it has been activated.

 

[Kcpirana]

Hm. There's no "Local Users & Groups" when I get to Computer Management.
What might THAT mean?

Kristy

 

[Guest]

Hi, again!

It means that you have one of the home versions of Vista that do not have a
policy editor. I'm sorry. I thought I explained that in the other thread. No
policy editor, no ability to view policies -- at least not this way. But that
does not mean that there is anything wrong with your OS. That's just the way
Microsoft designed the versions of Vista (and Windows XP) that do not have to
be members of domains.

 

[Doris Day - MFB]

begin 666 clear.gif
K1TE&.#EA`0`!`( ``/___P```"'Y! $`````+ `````!``$```("1 $`.P``
`
end

Whats that? Some kind of secret Vista code?

Love and Kisses,
Doris

--
My Microsoft Hero (he loves this company!) ... http://tinyurl.com/yp9cn2
Installing: Windows vs Linux ... http://tinyurl.com/ywqmbw
BallmerBumBois: Frank, Julian, Richard Urban, Jupiter Jones, Harry Krause,
Feliks Dzerzhinsky
Sorry if I missed anyone, place your name here _________________.

 

[Tiberius]

its stupid outlook express that although you have it set to post in text
only,
when you copy and paste from a site it takes with it images
and puts them as attachments.. lol


Your newsreader Knode translate the image into a string of text...

anyway.. ignore it...

 

[Kcpirana]

OH! So, it might be that it's a HOME version! I get it now! Thanks again!

Kristy

 

[Robert Robinson]

Hm. There's no "Local Users & Groups" when I get to Computer
Management. What might THAT mean?

Kristy

Microsoft has a very poor implementation of "Administrator" privileges.
It doesn't make sense that a user with administrator privileges isn't a
real administrator.
UNIX/Linux has a far better approach to assigning administrative
privileges. A user can become a superuser (su) by entering this user
request followed by the appropriate password. "su" is then a real
administrator.
One can reduce the annoyance of the nag messages in Vista by giving a
user administrative privileges and suppressing the reminders.