Built-in Administrator account is disabled, hidden in Windows Vista

In versions of Windows prior to Vista, the Administrator account was enabled and created with a blank password during setup. This left the system vulnerable not only during a Windows installation but after as well. To better protect Vista, Microsoft decided to disable the built-in Administrator account.

In versions of Windows prior to Vista, the Administrator account was enabled and created with a blank password during setup. This left the system vulnerable not only during but after a Windows installation. Microsoft realized that this was a major security hole.

To better protect Vista, Microsoft decided that its built-in Administrator account should be disabled by default. So the built-in Administrator account is now disabled in all clean installations and upgrades of Windows Vista.

In fact, it looks like OEMs and system builders are required to disable the built-in Administrator account before delivering the computers to customers.

Administrator account in upgrade installations

For upgrade installations, the built-in Administrator account is kept enabled when there is no other active local Administrator on the computer. However, the built-in Administrator account is disabled by default for new installations and upgrades on domain-joined computers, regardless of whether there are other active local Administrators on the domain-joined computers. Basically, Microsoft believes that there must be a domain administrator (or account with admin privileges) that can log on for administrative purposes.

There are three ways to enable the built-in Administrator account:

  1. Use the AutoLogon unattended Setup setting.
  2. Use the Local Users and Groups MMC console. (You won't find the Administrator account in the User Account Control Panel. But the MMC-based Computer Management section of the Administrative Tools Control Panel does give you access to the Administrator account.)
  3. Use the command line: net user administrator/active:yes. (This is my personal favorite.)

    (Note: You may need to disable User Account Control or else open the elevated (RUNAS) command prompt.)

You can read more about enabling and disabling the built-in Administrator account.

About the author: Tim Fenner (MCSE, MCSA: Messaging, Network+ and A+) is a senior systems administrator who oversees a Microsoft Windows, Exchange and Office environment, as well as an independent consultant who specializes in the design, implementation and management of Windows networks.

More information on this topic:


This was first published in May 2007
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close