Daddy Bob's Computer Q & A

	Archives
	Articles
	Downloads
	Tips & Tricks
	Shortcut Keys
	Other Interests
	Questions Log
	Search

DADDY BOB'S COMPUTER Q & A

March 21, 2010

Q. I have an administrator account in Vista, yet I am required to use "Run as Administrator" for some operations. Why?

A. There is a difference between a normal administrator account with administrator privileges and built in Administrator account.

In Windows XP, Vista and Windows 7 there is a built in, hidden Administrator account that has total control over everything. This built in account is usually designated by using a capital 'A' in Administrator. In this article, when I refer to the built in Administrator account I will use the Cap "A".

When signed on using a normal administrator account and you click "Run as Administrator", you are accessing the built in Administrator account.

In XP, this built in Administrator account is far less hidden, and can be easily accessed by just starting up XP in safe mode where it is displayed and can be used. In Vista and Windows 7 it is more difficult to access this account. Here's why.

If John, the user of a XP computer, has set a password for his account to prevent anyone else from accessing the account, this can normally be easily bypassed. Anyone can simply start the computer in safe mode, sign on using the built in Administrator account, and remove John's password. Then restart the computer normally, and access John's account.

Of course, had the built in Administrator account been assigned a password this would not be possible. BUT by default, when Windows XP is installed and the built in Administrator account is automatically created, there is no password automatically assigned to it. Businesses usually correct this by signing on with the built in Administrator account and assigning it a password, but most normal users do not.

The built-in Administrator account is not enabled by default in Vista or Windows 7 as it is in XP. Instead you use a default normal administrator account that was created during installation. This normal administrator account is not the same as the built-in Administrator account and does not have all the privileges.

Other than using the Run as Administrator setting, There are several ways to activate the built in Administrator account on Vista or Windows 7 should that be desired. This can be done using the "Local Users and Group Manager", the Local Policy Editor" or an Elevated Command Prompt. Since the first two of these are not available in any of the Home versions, I'll only cover the third one, the Elevated Command Prompt here.

To access an elevated command prompt, click the Start orb, and enter cmd in the search box. At the top of the displayed list, under Programs you will see cmd.exe. Right click on this and select Run As Administrator. Click Yes at the UAC prompt, and this will open a command prompt using the built in Administrator account. Enter this line exactly as shown to activate the built in Administrator account:
net user administrator /active:yes
and press enter. To deactivate the built in Administrator account follow the same procedure using the same line but substitute no instead of yes at the end. Close the elevated command prompt by typing exit and pressing enter. Click the start orb, and choose Log Off and you will see the built in Administrator account icon at the log on screen. If you do not want this Administrator's icon to be displayed at the log on screen, see this previous article.

If you do activate the built in Administrator account, it is strongly recommended that you create a password for it to prevent other users from using it.

Something that should be noted here as a word of warning. Anyone with an administrator's account on a XP, Vista or Windows 7 computer can modify and even delete any other account on that computer including the special built in Administrator's account. So, if you have created more than one administrator type account on a computer do not be fooled into thinking that any one of them is safe from the other even if password protected. It is not. For this reason, it is recommended that there be only one Administrator account per computer and the other users should use "Limited" accounts on XP or "Standard" accounts on Vista and Windows 7.

Click HERE to view or download as a Microsoft Word document

Disclaimer:

The materials in this site are provided "as is" and without warranties of any kind, either express or implied. To the fullest extent permissible pursuant to applicable law, I disclaim all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose. I do not warrant that the functions contained in the materials on this site will be uninterrupted or error-free, that defects will be corrected, or that any site or the servers that make such materials available are free of viruses, spyware, adware, or other harmful components, although all efforts have been made to assure that they are. I do not warrant or make any representations regarding the use or the results of the use of the materials on this site in terms of their correctness, accuracy, reliability, or otherwise. You assume the entire cost of all necessary servicing, repair, or correction. Applicable law may not allow the exclusion of implied warranties, so the above exclusion may not apply to you.