How to Activate the Vista Administrator - /Active:Yes
How to Activate the Vista Administrator - /Active:Yes
Not many people know that Vista has a hidden super-user account. I will show you how to
activate this Vista Administrator account via a 'Net User' command. One benefit of logging on as this super
account is that you will never be prompted for the nagging UAC dialog box.
Key decision - decide if you need a password for the administrator's account that you are
going to activate. My point is that the local policy may insist on a complex password, thus you will not be able to
activate the administrator with a blank password. This technique also
works on Windows Server 2008, however on that operating system it is more likely
you will set
/active:no.
Overview
Logon to
Vista using your usual account.
Launch the cmd prompt - Make sure you select, 'Run as administrator'
Net user administrator p@ssw0rD
Net user administrator
/active:yes
Switch User, or logoff
Logon as Administrator: Password p@ssw0rD (Your password may be different!)
Detailed Instructions to Activate the Administrator
Logon to Vista using your normal username and password.
Click on the Start button
Click on Start Search.
Type,cmd.
Right-click cmd, select 'Run as administrator' from the shortcut menu.
In the black 'DOS box', type the following at the command line: Net help
user
The idea of the last command is just to observe the options for Net User. In particular, examine the
syntax to set the password.
The next instruction is the crucial command. I have chosen password = p@ssw0rD, you may want to choose different characters.
Net user administrator p@ssw0rd
Net user administrator
/active:yes
Check the message : The command completed successfully
Switch User, or logoff
Logon as Administrator Password p@ssw0rD (Your password may be different!)
Trap1: There should be no space between the word 'active' and the colon.
/active :yes is wrong.
/active:yes is correct.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
What I like best is the way NPM suggests solutions to network
problems. Its
also has the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating
network maps, then I recommend that you try NPM now.
If you prefer a simpler method, visit the Local Security policy,
incidentally, this MMC is worth exploring in its own right.
This is how you navigate to the Local Security Policy.
Firstly click on Vista's Start orb, then in the Start Search dialog box type:
secpol.msc. Note: you must include the .msc extension.
Secondly drill down to Local Policy, Security Options
Thirdly double click Accounts: Administrator account status, and select
enable.
Here is an utility where you can review firewall settings such as
access control lists (ACL), or troubleshoot problems with network
address translation (NAT).
Other reasons to download this SolarWinds Firewall Browser include
managing requests to change your firewall settings, and testing firewall
rules before you go live.
The main benefit of activating this hidden Vista Administrator is so that you have
access to an account, which does not suffer from the annoying UAC dialog box. Although it is possible to suppress the UAC with a local policy, there is a lingering fear that security is being weakened.
Another worry is that rumours persist that some commands don't work properly if you turn off the UAC.
Linked to the benefit of suppressing the UAC dialog box is the fact that this Administrator
account has elevated privileges. What this means is that if your run CMD you don't have to 'Run as administrator' before you get unrestricted access to the command line.
Another benefit of knowing this method is to keep the hidden Vista administrator account as a 'back door', for
example, if you inadvertently lock out
your main account. Sitting there at your computer, you can never believe that you will be so foolish as to lock yourself out, yet logic dictates that somewhere in the world, someone has just done that: locked
themselves out of Vista. Would not they like to know how to activate the administrator account?
Naturally, it is a case of administrator by name and administrator by function, this super user is a
member of the Local Administrator's group. In many ways this super Administrator account reminds me of the Unix root account. As I am not a 'professor' of Unix I do not know if you can hide root, but you can hide
Vista's administrator account with this command:
Activating this super account
provides a good opportunity to examine where you can configure Vista's accounts. Click on the Start button, Control Panel and select --> User Accounts:
My point is that you can check in the GUI whether accounts have activated
successfully. /Active:yes the account is visible. /active:no the
User Name disappears from the list below.
Trap: Before you can make ANY changes to ANY account, you
must make sure that this box is ticked: 'Users must enter a user name and password to use this computer'. See screenshot below.
Recommended: Solarwinds' Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see WHO has permissions
to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, and takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free SolarWinds utility saves when you are
troubleshooting authorization problems for user's access to a resource.
Give this permissions monitor a try - it's free!
Every Windows account has a unique Security Identifier, or SID for short. It has been a traditional for THE administrator's account to have a SID ending in 500. I was surprised therefore, not to see
any such SID number in Vista - until I activated the hidden administrator. When I launched regedit and checked the HKEY_USERS, there was the famous SID ending in 500 (S-1-5-20-2344314121-13413-500), and it
corresponded to the recently activated administrator's account.
One puzzle remained, if, when you initially logon to Vista, can you create (as
opposed to activate) an account called Administrator.
John Wolfe came up with the answer. 'When I tried to name the original account
as Administrator. I was told that the "Account already exists" '.
My point is that you cannot have two accounts with the same name, and unlike previous operating systems, before you can logon to Vista you
must first create an account.
One reason to activate the hidden Vista Administrator account is so that you are no longer nagged by the UAC (User Account Control) prompt. The procedure is straightforward, just head for the cmd
prompt and type: Net user administrator /active:yes.
The only trap is that many systems require a complex password so that you need to add a password to the command string thus Net
user administrator p@ssw0rd Then Net user administrator /active:yes
If you like this page then please share it with your friends
This ebook will explain the workings of the registry. I thoroughly enjoy tweaking the registry, and I want to distill the best of my experiences and pass them on to you.
Each registry tweak has two aims; to solve a specific problem, and to provide general learning points, which help you to master regedit.
Guy Recommends:
SolarWinds' NPM - Network Performance Monitor
SolarWinds' performance monitor is designed for detecting network outages,
making it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps; it also helps
identifying whether the
root cause is faulty equipment, or resource overload. Give NPM a try.
