The secret administrator account, at that.
We tend to think of accounts on your Windows PC as being either administrator or limited. There are reasons to use both in various situations.
But what you think of as an administrator account isn’t really THE administrator account. Some computers have another account that has been referred to as a super-administrator mode.
Computers can run in limited, administrator-capable, or administrator accounts. I’ll describe the differences between the three and how to access the most powerful account of all.
Become a Patron of Ask Leo! and go ad-free!
Enable the administrator account
Besides the standard limited and administrator-capable accounts, there’s a more powerful administrator account. It’s disabled by default. Enable it by running “net user administrator /active:yes” in an administrative comment prompt. This account runs without UAC prompts and initially has no password, which poses a security risk. You can use it for specific maintenance tasks to avoid repeated UAC interruptions, but it’s crucial to set a password if you activate it.
Limited user accounts
Limited user accounts (LUA) run with restricted privileges. This prevents malware from being able to do whatever it might want to on your machine. When running with an LUA account you, and malware, don’t have the privileges to make system-level changes to you machine. In some corporate environments, it prevents you from making changes to your system contrary to your IT department’s wishes… but that doesn’t mean you can’t try.
When you attempt to make system-level changes while signed into a LUA, or try to run an application that requires true administrative access from the get-go, you’re likely to be presented with the UAC, or “User Account Control”, message.
In order to proceed, you must prove you are authorized to do so by providing the credentials for an administrator-capable account on that machine. Otherwise, you can’t do whatever you are trying to do.
Administrator-capable accounts
This is the default type of account created when you set up Windows. While we call them administrator accounts, they’re really not; they’re what I refer to as administrator-capable.
When running normally, they run much like an LUA. And like an LUA, when administrative access is required, you’ll see the UAC prompt.
The difference is simply that you don’t need to authenticate any further. All you need do is say “yes”. When using an administrator-capable account, no further authorization is required.
That’s the primary difference between LUA and administrator-capable accounts: whether or not UAC requires more authorization or you can just click on Yes.
The real administrator account
There is another account, called the administrator account, in every version of Windows. Using that account, you are running in administrator mode all the time. There are no UAC prompts to get in the way.
By default, it even has no password!
Also by default, you have to enable it before you can use it.
In an administrative command prompt, run:
net user administrator /active:yes
The output will be very boring.
Sign out of Windows.
On the sign-in screen, you’ll now see the Administrator account listed as an option.
Click Sign in, and you’re in as administrator. You have full control.
The built-in security hole
But wait: all you had to do was click Sign in. No password was required.
That’s a huge security issue.
So the first thing you should do is set a password.
Hit the Start button, and search for “password”. Click on Change your password when it appears. This will take you to the Sign-in options page of the Settings app.
Click on the down-arrow to the right of the “Password” item. Then click the “Add” button that appears.
Enter your new password, add a password hint, and you’re done.
So why would you want this account?
Normally, you don’t need to operate your computer from the administrative account. That’s one reason it’s disabled by default. Your administrator-capable account is all you need for day-to-day computing.
However, in some situations — perhaps involving maintenance or other situations where you’d end up facing UAC over and over again — it might be a useful way to streamline your work.
Do not use the administrator account as your regular work account. Any accidental system changes would not require confirmation. Even more troubling, malware could install itself without notice.
I recommend living with the occasional UAC.
Do this
Live with UAC.
But if you can’t, or have a scenario where being the One True Administrator for your machine would be helpful, you can turn it on. Just be sure to add a password. Sign back into your normal account when you’re done.
Administrative access is not required to subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
I remember in the old days when I’d get administrator access on store display computers and surf the Web. I’d sometimes make myself the administrator by setting a password.
I’ve used that account on my computer only a couple of times when the normal means of gaining access to a file didn’t work.
Does the obvious “net user administrator /active:no” disable the administrator account?
Yes.
How do I determine what admin account I have currently?
If you haven’t followed the steps outlined in this article, you have an administrator capable account.
Off topic but important info about the deleterious effect of the Chrome Browser “swipe enabled” on a PC:
NOTE: If you do your computer stuff from a device with a swipe feature, ignore this post.This is for PC Chrome Browser users that do everything with a mouse and a keyboard.
I recently discovered this and I am passing it on to readers here to help them make their computers last longer.
I am running a PC monitoring program called HWiNHO64. It has a LOT of possible things that you can monitor. It is free and NASA uses it. It is free from malware too.
I monitor temperatures, wattage, CPU percentage usage and GPU percentage usage (etc.). It took me a while, but I finally got the software set up to monitor just what I wanted, and not the umpteen possibilities that come off the shelf. What bugged me was why my temps kept spiking for no reason. I discovered the cause was THIS SETTING in Chrome:
Chrome >Settings > Accesibility >
Swipe between pages
Navigate back and forward with a swipe gesture
Chrome has it ON by default. I turned it off and the temperature spike stopped. So, why is this important? Because routine 70 degrees C (158°F) or higher equals short term life for a CPU.
Since there is no swipe software on my PC, the computer goes bananas for a while trying to find a swipe thing that ain’t there. I need that like a dog needs ticks.
I have my alerts set on the HWiNHO64 software to >= 145°F to be super safe. My Dell Inspiron PC is now 8 years old and has outlasted any PC I had before. I’m pretty sure that is because I keep the temperatures in the safe zone. I recommend you do the same, but even if you don’t, TURN OFF THAT SWIPE FEATURE ON CHROME if you have no swipe software on your PC. You will help extend the life of your PC by avoiding needless temperature spikes.
I use Autohotkey scripts to run triggered alert actions. They help.
Old Saying by me: Frugality is Freedom.
Maybe frugality does not equate to freedom, but it can help you preserve the freedom you still have.
I turned that swipe off in my chromium browser in my Debian laptop. Thanks.
I’m using Win 8.1 Pro. I’m logging in as administrator but still there are some files I get the message ” Amin permission needed”
How can I apply your article for my operating system.
See these articles:
How Do I Copy Files When Windows Says I Don’t Have Permission to Access This Folder?
How Do I Run a Program “As Administrator”?
I just turn off UAC every time I get a new PC, by going to UAC and changing it to Never.
Great if it works for you. Not recommended in general, though.
Turning off UAC allows malware to install itself without having to ask for permission. UAC requires all installation and programs that require low level access to your computer to ask your permission before executing. Without UAC, you are vulnerable to drive-by malware attacks.