Built-in Administrator Account Disabled



Darren Canavor, Program Manager on the UAC team has made a post on the Windows Vista Security blog about changes to the behavior of the built-in Administrator account:


“In Windows Vista we made numerous changes to our user account model. Standard users are now the default user type for new accounts created after initial setup. The Power Users group is effectively deprecated. In addition, we’ve made it much easier to run as a standard user and even administrators run with limited Windows privileges and user rights by default. But people often ask us, “What about the built-in administrator account? Isn’t it a security risk to have an administrator account with no password?”  Yes, in some cases this administrator account could be used to circumvent other security mechanisms. For example, parental controls could not be effective if the child could simply login with the built-in administrator account and do whatever they want, including disabling the Parental Controls.

In Windows Vista RC1 we will have completed a series of changes to disable the built in administrator account under most circumstances. These changes apply to the default administrator account named Administrator, which is created during setup.”

See full post at http://blogs.msdn.com/windowsvistasecurity.


Comments (11)

  1. Kurt says:

    Happy Day!! 🙂

  2. Luc says:

    if the built-in administrator is disabled and if it doesn’t work in safe mode, why the administrator account is created in Vista? it’s totally useless having the administrator account, because you’ve just a protected administrator created during the first installation.

  3. J Wallace says:

    Ok you disable the built-in account and then you created the trusthandler account,,which let’s the system run the show,,,,, Why create Admin Acc at all…. there are files that could become corrupt that only the trusthandler can delete,,,not the Admin…Explain please I’m I missing something..

  4. Craig says:

    If you re-enable the admin account, does it allow you to bypass the UAC screen-darkening if you do a runas?

  5. DT says:

    Guess you didn’t think it all the way thru….

    Upgraded from XP and I can’t access my system now.  Brilliant.  Buttheads!

  6. that guy says:

    so I loaded the OS, and just like I do in XP, I delete the default user and then log in as administrator while I proceed to build the box with my software.  But, I found out too late that the default admin account is disabled.  Shame on me for not being more observant.  But shame on Vista for not warning me I would have no options to log in.  Only solution appears to be reinstall the OS.

    There’s another option, described in the full post:

    If the last local administrator account is inadvertently demoted, disabled or deleted, safe mode will allow the disabled built-in administrator account to logon for disaster recovery.

    HTH

    — Aaron Margosis

  7. Herbert N Swearengen III says:

    I cursed UAC when I was testing Vista. But now that I’m trying to run as a limited user on XP, I’d welcome the feature.

    I didn’t realize all of the obstacles I’d run into with application programs and the operating system utilities.

    The runas command is of limited use because when it is used you are in another user’s enviroment with their settings.

    Herbert, for XP take a look at MakeMeAdmin.  Lots more info about running as a non-admin on XP here.

    HTH

    — Aaron Margosis

  8. vila says:

    I installed rc1 for testing, now i can’t access my computer.The administrator is disabled in safe mode. i don’t have any other user name. i am locked out. can somebody help me. I’m stuck on the start up screen.

  9. Terminator says:

    One can build another user account via Safe Mode if you need to. You dont have to re-install the O/S altogether.

  10. SouL says:

    How? I’m in safemode and it’s telling me to click a username. there are none!!

  11. Admin account is disabled even in safe mode..

    This is a big problem with the vista. I had 2 admin account 1 default admin and one another. Now I demoted my other admin to standard user and everything was good till I needed admin priviliges to install sm s/w. But now ‘coz my built in admin is disabled and no other admin is in the box. I’m stuck.

    Not even safe mode is of any help.

    How am I suppose to install anything or do work that requires admin privileges if I dont hav admin rights .