Built-in Administrator account is disabled, hidden in Windows Vista

In versions of Windows prior to Vista, the Administrator account was enabled and created with a blank password during setup. This left the system vulnerable not only during a Windows installation but after as well. To better protect Vista, Microsoft decided to disable the built-in Administrator account.

In versions of Windows prior to Vista, the Administrator account was enabled and created with a blank password during setup. This left the system vulnerable not only during but after a Windows installation. Microsoft realized that this was a major security hole.

To better protect Vista, Microsoft decided that its built-in Administrator account should be disabled by default. So the built-in Administrator account is now disabled in all clean installations and upgrades of Windows Vista.

In fact, it looks like OEMs and system builders are required to disable the built-in Administrator account before delivering the computers to customers.

Administrator account in upgrade installations

For upgrade installations, the built-in Administrator account is kept enabled when there is no other active local Administrator on the computer. However, the built-in Administrator account is disabled by default for new installations and upgrades on domain-joined computers, regardless of whether there are other active local Administrators on the domain-joined computers. Basically, Microsoft believes that there must be a domain administrator (or account with admin privileges) that can log on for administrative purposes.

There are three ways to enable the built-in Administrator account:

  1. Use the AutoLogon unattended Setup setting.
  2. Use the Local Users and Groups MMC console. (You won't find the Administrator account in the User Account Control Panel. But the MMC-based Computer Management section of the Administrative Tools Control Panel does give you access to the Administrator account.)
  3. Use the command line: net user administrator /active:yes. (This is my personal favorite.)

    (Note: You may need to disable User Account Control or else open an elevated (RUNAS) command prompt.)
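To check which of the states described above a given machine is in, the following read-only audit is an added example, not part of the original article. It assumes Windows PowerShell is installed and uses only the standard WMI classes Win32_UserAccount, Win32_Group and Win32_ComputerSystem; the function name Get-BuiltinAdminAudit is hypothetical.

```powershell
# Added example (not from the article): read-only audit of the built-in
# Administrator account. Get-BuiltinAdminAudit is a hypothetical helper name.
function Get-BuiltinAdminAudit {
    # The built-in Administrator keeps relative ID 500 even after a rename,
    # so match on the SID rather than on the account name.
    $builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }
    if (-not $builtin) { throw 'No local account with RID 500 found.' }

    $domainJoined = (Get-WmiObject Win32_ComputerSystem).PartOfDomain

    # Local Administrators group, located by its well-known SID (S-1-5-32-544)
    # because the group name is localized.
    $group = Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
    $otherAdmins = @($group.GetRelated('Win32_UserAccount') | Where-Object {
        $_.LocalAccount -and -not $_.Disabled -and $_.SID -ne $builtin.SID
    } | ForEach-Object { $_.Name })

    # Classify the result against the defaults the article describes.
    if ($builtin.Disabled) {
        $finding = 'Disabled: matches the Vista default.'
    } elseif (-not $builtin.PasswordRequired) {
        $finding = 'ENABLED and a blank password is permitted: the pre-Vista exposure.'
    } elseif ($domainJoined) {
        $finding = 'ENABLED on a domain-joined computer: differs from the Vista default.'
    } elseif ($otherAdmins.Count -gt 0) {
        $finding = 'ENABLED although other local administrators are active.'
    } else {
        $finding = 'Enabled as the only active local administrator (upgrade behaviour).'
    }

    New-Object PSObject -Property @{
        Name                   = $builtin.Name
        Disabled               = $builtin.Disabled
        PasswordRequired       = $builtin.PasswordRequired
        DomainJoined           = $domainJoined
        OtherActiveLocalAdmins = $otherAdmins -join ', '
        Finding                = $finding
    }
}

Get-BuiltinAdminAudit | Format-List
```

PasswordRequired being False means the account is permitted to have an empty password, not that the password is known to be empty.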

You can read more about enabling and disabling the built-in Administrator account.

About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment, as well as an independent consultant who specializes in the design, implementation and management of Windows networks.

This was last published in May 2007
