Walker News

Should You Enable The Windows Vista Hidden Administrator Account?

Windows Vista treats user-defined accounts in the Administrators group as second-class administrators that do not inherit the complete privileges of the built-in Administrator account.

Thus, when User Account Control (UAC) is turned on, a user-defined account in the Administrators group has to acknowledge the Consent UI, while the built-in Administrator account is not restricted by UAC.

Indeed, this built-in Windows Vista Administrator account is as privileged as the Administrator account in Windows XP and Windows 2000/2003.

In a default installation, Windows Vista disables and hides the real, built-in Administrator account. This super user account is not even shown in the User Accounts applet of Control Panel.

However, it’s possible to manage (enable or activate) this hidden Administrator account by using the “legacy” Windows User Accounts dialog box. To bring up the old Windows User Accounts dialog box, type this command in the Start Search text box (press the Vista Orb) or at the Windows Command Prompt:
control userpasswords2

Question: Why should I enable the built-in Windows Vista Administrator account?

Here are the points that prompt me to enable this hidden, real Windows Vista Administrator account:
  • The disabled, hidden Vista Administrator account is set with a blank password – when this super user account is enabled for the first time, anyone can press the ENTER key (no password) to log in to this privileged Vista account!

  • How difficult is it to enable the Windows Vista account even without knowing the account password? By using Trinity Rescue Kit (TRK), one can easily activate the disabled Vista SP1 Administrator account.

Imagine you leave a Vista-enabled desktop or laptop at the office. Then someone comes in at night or on the weekend, reboots or boots up your machine with a TRK CD, enables the real Vista super user account, logs in and installs a Trojan or backdoor program, then disables the real Administrator account again.

Of course, configuring the BIOS setup to prompt for a password before booting the OS or entering BIOS maintenance mode eliminates the risk of hacking with a TRK CD. (The good of the TRK CD turns bad when it’s used for the wrong purpose.)

To make it safer (not harder), I decided to enable the super user account and set a strong password for it. From time to time, I will log in to this super account to confirm the “strong” password has not been reset or changed. Otherwise, some bad people might have tried to mess with the Vista machine :-(

(Is the “User cannot change password” property safe from a TRK attack? Let me test and get back to you later.)
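
The periodic check on the built-in account described above can be complemented by reading the account state and the Security log. The following PowerShell is an added example, not part of the original post; it assumes an elevated PowerShell 2.0 or later prompt on Vista or newer, that auditing of logon and account-management events is enabled, and a 30-day review window.

```powershell
# Added example: audit the built-in Administrator account (RID 500).
# Assumes an elevated prompt and that logon/account-management auditing is on.

# The built-in account keeps a SID ending in -500 even if it has been renamed.
$admin = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
if (-not $admin) { throw 'No local account with RID 500 was found.' }

"Name: {0}  Disabled: {1}  PasswordRequired: {2}" -f `
    $admin.Name, $admin.Disabled, $admin.PasswordRequired

# Security events of interest: 4624 logon, 4722 account enabled,
# 4724 password reset attempt, 4725 account disabled.
# 2592000000 ms = 30 days (assumed review window).
$xpath = '*[System[(EventID=4624 or EventID=4722 or EventID=4724 or EventID=4725)' +
         ' and TimeCreated[timediff(@SystemTime) <= 2592000000]]]'

Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields instead of relying on their position.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # 4624 names the account TargetUserSid; the 472x events use TargetSid.
        $sid = if ($data['TargetUserSid']) { $data['TargetUserSid'] }
               else { $data['TargetSid'] }

        if ($sid -eq $admin.SID) {
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                LogonType = $data['LogonType']        # empty for 472x events
                Subject   = $data['SubjectUserName']  # who performed the action
            }
        }
    } |
    Sort-Object Time |
    Format-Table Time, EventId, LogonType, Subject -AutoSize
```

Changes made offline from boot media are not written to the Security log, so a 4624 logon by this account with no matching 4722 event, or a Disabled value you did not set, is the thing to look for.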


  1. Thomas 07-05-09@11:08

    I’ve burned Trinity Rescue 3.3, typed winpass u-administrator, typed 1 and entered. But I never get asked if I want to change the password; it comes back to [root@trk]:(~)# What am I doing wrong? Please help, thank you.

  2. rui 05-07-09@01:40

    I have exactly the same prob. Please help. This is really annoying ;(

  3. Jeff 07-08-10@08:17

    winpass u- administrator is incorrect … should be
    winpass -u Administrator

    Hope that helps !
