As you know, during Windows 10 installation the system prompts you to create a user account and grants this account local administrator privileges. However, the installation also creates another built-in (hidden) administrator account, which is disabled for security reasons. In this article we’ll look at the built-in Windows 10 Administrator account: what it is used for, how to enable or disable it, and how to reset its password.
What is a Built-in Administrator Account on Windows?
The Administrator account is created automatically during Windows installation and is used to initialize the operating system. This account is then disabled and the user is prompted to create their account, which is added to the local Administrators group.
The built-in administrator account has unlimited privileges on a computer. This account is not subject to UAC (User Account Control), and all programs are executed without a UAC prompt (this is an important difference from user accounts with administrator privileges). The built-in Administrator in Windows is somewhat similar to root in Linux: it has maximum rights on the system (not the same as NT AUTHORITY\SYSTEM, of course, but close).
The built-in Administrator is disabled by default in Windows 10 and Windows Server 2016. This account cannot be removed or excluded from the Administrators group.
If you boot Windows in Safe or Recovery Mode, the administrator account is automatically enabled.
Renaming the administrator account somewhat reduces the risks, but the main problem is that its SID doesn’t change. The built-in administrator account always has the well-known SID S-1-5-domain-500.
How to Enable the Built-in Administrator Account on Windows 10?
Let’s take a look at some simple ways to enable the built-in Administrator account in Windows 10.
The quickest and easiest way to activate the administrator account is from the command prompt (or PowerShell console) running with elevated privileges.
To do this, run the command:
net user administrator /active:yes
The command completed successfully.
Or use the PowerShell cmdlet:
Get-LocalUser -Name "Administrator" | Enable-LocalUser
As we said earlier, in modern versions of Windows, there is no password set for the administrator account. If a domain password complexity policy is applied to your computer, you may see the following message when you try to enable the administrator account:
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
In this case, before enabling the administrator account, you need to set a password for it:
net user administrator *
Don’t use a weak password for the built-in administrator (you can generate it using a simple PowerShell script).
If the previous command returns “The user name could not be found”, most likely the administrator account on the computer has been renamed.
You can find out the name of the built-in administrator account on your computer by its well-known SID (it always ends in -500). Use the command:
wmic useraccount where "SID like 'S-1-5-%-500'" get name
In this case, the built-in account has been renamed to admin. To enable it, run:
net user admin /active:yes
To list all local accounts:
net user
If you get a “System error 5 has occurred. Access is denied” error when you try to enable the built-in Windows administrator, make sure that the cmd.exe or powershell.exe console is running as an administrator (elevated). Also check that your account is a member of the local Administrators group.
List the groups your account is a member of:
whoami /all
In this example, user1 is not a member of the local Administrators group, and therefore doesn’t have permission to enable the administrator account.
You can display a list of users in the local administrators group in Windows like this:
net localgroup administrators
In this example, there are only two accounts in the Administrators group. If you don’t know the password for any of them, then you don’t have administrator rights on the computer. To enable the built-in administrator account and grant your user account local admin permissions, see the next section of the article.
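The SID lookup and the group-membership checks above can be combined into one read-only PowerShell audit. This is an added example, not part of the original article; it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module, and the variable names are illustrative.

```powershell
# Added example: read-only audit of the built-in Administrator account and
# of the local Administrators group. Nothing on the system is changed.

# Find the built-in account by its well-known SID suffix (-500),
# whatever name it currently has.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-*-500' }
if (-not $builtin) { throw 'No local account with a SID ending in -500 was found.' }

[pscustomobject]@{
    Name            = $builtin.Name
    SID             = $builtin.SID.Value
    Enabled         = $builtin.Enabled
    PasswordLastSet = $builtin.PasswordLastSet   # empty if no password was ever set
    LastLogon       = $builtin.LastLogon
} | Format-List

if ($builtin.Enabled -and -not $builtin.PasswordLastSet) {
    Write-Warning "$($builtin.Name) is enabled and has never had a password set."
}

# S-1-5-32-544 is the well-known SID of the local Administrators group;
# using the SID instead of the name also works on localized systems.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
$admins | Select-Object Name, ObjectClass, PrincipalSource, SID | Format-Table -AutoSize

# Is the account running this script a direct member of that group, and is the
# console elevated? (Membership through a nested domain group is not detected.)
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isMember = $admins.SID.Value -contains $me.User.Value
$elevated = ([System.Security.Principal.WindowsPrincipal]$me).IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)
'{0}: direct member of Administrators = {1}, elevated console = {2}' -f `
    $me.Name, $isMember, $elevated
```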
compmgmt.msc and lusrmgr.msc) and the Local Group Policy Editor (gpedit.msc).
Open the MMC snap-in Local Users and Groups by entering lusrmgr.msc in the search bar or at the command prompt. In the console window, expand the Users section. Find the account named Administrator and double-click it, then uncheck Account is Disabled. Save the changes.
The administrator account is now enabled. You can change its password in this console by selecting the Set Password option in the context menu.
You can also enable the built-in administrator account through the local GPO. Open the Local Group Policy Editor gpedit.msc (or the Local Security Policy editor, secpol.msc). Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. Find the Accounts: Administrator account status policy and set it to Enabled.
Update the Group Policy settings with the command gpupdate /force or just reboot your computer.
After enabling the administrator account in any of the above ways, it will be displayed on the Windows logon screen.
To disable the built-in administrator account, use the command:
net user administrator /active:no
If you enabled the built-in Administrator through the Accounts: Administrator account status policy, you will have to disable this policy (or completely reset all local GPO settings).
Lost Administrator Privileges (Password) on Windows 10
There are situations when you have accidentally disabled your user account with administrator privileges or removed your account from the local admins group. Let’s look at how to enable the built-in Administrator or add your account to the local Administrators group (even if you can’t log on to Windows).
You need to boot your computer from a LiveCD (but not an MSDaRT recovery image) or a Windows 10 install media. The easiest way to create a bootable USB stick with a Windows 10 install image is by using the Media Creation Tool.
Press Shift + F10 on the Windows Setup screen. A command prompt will open.
Now you need to determine which drive your Windows is installed on. Run diskpart and enter list vol. In my example, you see that Windows is located on the C: drive. This is the drive letter I will use in the following commands. Type exit to close the diskpart session.
Run the following commands to create a copy of utilman.exe (Ease of Access applet) and replace it with the executable cmd.exe:
copy c:\windows\System32\utilman.exe c:\
copy c:\windows\System32\cmd.exe c:\windows\System32\utilman.exe
Reboot your computer:
wpeutil reboot
Boot Windows normally. On the Windows login screen (with a list of accounts), press the Win + U key combination.
A command prompt window will open with SYSTEM privileges. To add your account to the local Administrators group, enable the built-in Windows administrator and reset its password, run the commands:
net localgroup administrators user1 /add
net user Administrator /active:yes
net user administrator *
Now you can log on to Windows under the built-in Administrator or your user account, which has been assigned local administrator permissions.
Afterwards, restore the original utilman.exe from the copy saved earlier:
copy c:\utilman.exe c:\windows\System32\utilman.exe
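If the restore step is skipped, Win + U on the logon screen keeps opening a SYSTEM command prompt for anyone at the keyboard. The following read-only check confirms that utilman.exe is no longer a copy of cmd.exe. It is an added example, not part of the original article; the variable names are illustrative and the backup location assumes the c:\utilman.exe copy made above.

```powershell
# Added example: verify that utilman.exe has not been left replaced by cmd.exe.
# Read-only; run it in PowerShell on the installed system after the recovery.
$sys32   = Join-Path $env:SystemRoot 'System32'
$utilman = Join-Path $sys32 'utilman.exe'
$cmd     = Join-Path $sys32 'cmd.exe'

# A replaced utilman.exe is byte-identical to cmd.exe, so the hashes match.
$utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
$cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

# The embedded version resource still names the real program after a rename.
$utilInfo = (Get-Item -LiteralPath $utilman).VersionInfo
$cmdInfo  = (Get-Item -LiteralPath $cmd).VersionInfo

$report = [pscustomobject]@{
    UtilmanSha256         = $utilHash
    SameHashAsCmd         = $utilHash -eq $cmdHash
    UtilmanOriginalName   = $utilInfo.OriginalFilename
    SameOriginalNameAsCmd = $utilInfo.OriginalFilename -eq $cmdInfo.OriginalFilename
    # The backup copy created earlier in the root of the system drive.
    LeftoverBackupInRoot  = Test-Path -LiteralPath "$env:SystemDrive\utilman.exe"
}
$report | Format-List

if ($report.SameHashAsCmd -or $report.SameOriginalNameAsCmd) {
    Write-Warning 'utilman.exe is a copy of cmd.exe: restore the original file.'
} elseif ($report.LeftoverBackupInRoot) {
    Write-Warning 'utilman.exe looks restored, but the backup copy is still in the drive root.'
} else {
    'utilman.exe does not match cmd.exe and no backup copy was found in the drive root.'
}
```

For a second opinion, sfc /verifyfile=C:\Windows\System32\utilman.exe checks the file's integrity without repairing anything.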
2 comments
For all of the commands, I got a message indicating Access denied.
It’s all about the built-in administrator password. I inherited a work machine and I can’t get past anything to get stuff installed without this password. I have no access to the person that may have set this password up. Any help would be SO appreciated!
Jennifer
U have allowed someone to be Administrator of my PHONE IW I CAN’T ACCESS IT OR CONTROL I BARELY HAD THE PHONE WHEN APPS HIDDEN, EMAILS PASSCODES AND ACCTS HAVE BEEN COMPROMISED. PLZ HELP ME GET THIS PHONE FIX THIS IS MY SECOND PHONE TO BE COMPROMISED