NOTE: Turns out lusrmgr.msc might only show up if you're running Windows Pro or higher, not home. You can still enable the account via the command prompt method later in the video.
But the built-in account won't let you do a lot of things. Using a regular user account with admin privileges (and disabling UAC) will give you a lot more freedom. At least when I last tried it years ago, a lot of programs and actions refused to run under this account, saying "dude, this account is for maintenance and, well, _administration._ If you want to just use stuff, be a _user"_ (might not be verbatim) I don't remember which things exactly, but I think MS Office, specifically Outlook, was among them.
As you mentioned, the SYSTEM account has the highest privileges within Windows. Anything that runs under this account is basically treated as part of the OS itself. A fun fact though is that if you use the task scheduler, you can actually make anything run using the SYSTEM account by ticking 'run with highest privileges'. This bypasses UAC even if it's enabled so it can be useful if you want to give a program admin permissions on login for example (of course only if you 100% trust it and know what you're doing)
That works on windows NT, 2000 and XP, but i could not make this trick works in more recent Windows versions. That's was a very unsefull trick when I needed to remove viruses by hand from infected systems. If you have a way to make it work on actual version of windows, i'll take it.
Curious when you'll talk about the OOBE of win 10 and its "secret" keyboard shortcuts. (Ctrl-shift-F3 for pre-oobe admin environment, shift-F10 for console, windows 5 times for Autopilot deployments, ...) I use them daily to set up Laptops at work, but it was amazing to learn about them initially as they are so incredibly rarely used by anyone aside Enterprise IT Admins.
I remember watching him so long ago that he used to be like do this if you want your Xbox to turn into a ps4 and the fact some people fell for it made me laugh
Older Windows versions in the NT family also had other ways to get in and / or escalate privileges, including methods that involved renaming the logon screensaver or even scheduling a task to run an elevated Task Manager (before Win7 made it easier to do so.) Fortunately it was rare that such methods were needed, but handy in emergencies.
Thio still seems young so this use case might have escaped him. When you've migrated files from computer to computer... one day you might be looking for a file you created back in the 90's and have no access. The user accounts and from years ago might not be what you use today. Thus, that "Secret" Admin account (which wasn't a secret to me) turned out to be very useful in manually setting permissions of old files so that users of the current computer could access them. The regular admin account hadn't such power.
Omg, that hadn't occured to me as I was just slammed by something pre existing that has root on every hard drive now as I was migrating old drives to a central hub. Took over day 1 New 16char wifi 6 network access (from 4, where it followed from) & sideloaded the droid.+ Factory reset on that Win account. Whatever it was used this, and even air gapped it managed to make my old memories now a time bomb or future storage, from W7-11, Android 11 + 13, (changed to some Chinese bullshit.) Never in my life had tech go this sideways. Oh, found an Access Point through Verizon, that's cute. Fml.
Best practice is to create a new account to be the administrator, so it has a different SID than the built-in Administrator account, and put a strong password on it. Then use a regular User account for your day-to-day use. Then when the UAC comes up it will ask for the password for the admin account rather than just asking "hey ya wanna?".
you can also just change the default account you create to non admin. OFC you have these idiots who use microsoft accounts that have auto admin privaleges :C
but if the user isn't admin, the user rather types the password into a fake UAC. with the admin account, most people would think before they type when they just normally click
@@rohansampat1995 Microsoft accounts can be set to be standard account; they are not required top be admin. The account must be another account other than the out of the box first account though, as the PC needs to have at least one active admin account. If a user has logged as Microsoft account on first setup, they can create another account, or activate this administrator account, go to the other admin account and then set their main Microsoft account as standard account.
Maybe the reason your default admin was not enabled in safe mode is because you had a regular admin account enabled. The default admin is only enabled in safe mode if: 1. There is no other admin or privileged account you can log on (all regular admin users being disabled,...), and 2. The computer is NOT part of a domain.
I remember accessing this account on old school computers to install the software I wanted. I accessed it by booting in safemode and there was no password. Back then (around 2005-2010) it always seemed like it was enabled and without a password as default... at least on pre-built machines
On Windows 7 there was actually a way to use the "SYSTEM" account (most equivalent to Root on Linux actually) with the Windows Explorer and everything. What you had to do was replace the executable for the Windows Accessibility Stuff with "cmd.exe". Then on the login screen when you clicked on the accessibility button a Command prompt would open. From there you'd have to kill the login screen process (probably the trickiest part) and then run explorer.exe from said command prompt. You're now using the System user with UI and all _Technically_ it's still possible on Windows 8 and newer, but the explorer will not run if you're not logged into a regular user account (or the here discussed Admin account)
@@RokeJulianLockhart.s13ouq ofc, but it's not a full user experience with taskbar, start menu and all (which is what I was explaining in my original comment)
@@Chickenbreadlp Indeed. Why engineers in later versions of Windows didn't evaluate explorer.exe with higher levels of privilege than merely administrative is very, very weird. The predecessors bothered to. (After all, file pickers for standard Win32 WinForms software is provided by an API that is independent to explorer, as this demonstrates.)
5:05 There is a Microsoft-provided tool that _can_ open an interactive Powershell or a command prompt (etc.) as SYSTEM… but for 99.99% of admin tasks it's like using a snowplow to scramble eggs.
Yeah about this. Once I forgot the password to my user account and I has no other accounts setup as a backup. So I enabled this admin account from the recovery (by selecting cmd) . I changed the password for my user account and then created another account to be used as a backup
I use the Administrator when I need to copy the files off an old drive user folder as you can copy the files without waiting for it to change the permissions which can take ages. Open an administrator command line and type "net user administrator /active:yes" to disable it again with "net user administrator /active:no"
This is both correct and incorrect - the build in Administrator account is part of the local Administrators group. Default NTFS permissions on all drives include Administrators group with full control. If you have an account which you promoted to local administrator by adding it to the local Administrators group, you would not need to do this. Also, if you are able to do "net user administrator /active:yes", then you are already an administrator and this is unnecessary :).
@@ivanpanchev5894 If you add a drive from an old installation of windows you can access the user files from the main account but it will spend an age on the permissions before you can access it. From the hidden administrator, it justs opens the user folder for you to do with as you wish.
Hi Brian. If you open elevated CMD (or Powershell) with account which is part of the Administrators group - you can browse profile folders without any permissions modification. However, opening it trough Explorer will result in 'you need read permissions' in the security tab (also if you try opening it trough explorer it will start granting explicit permissions to your account). I suspect this is because explorer is not ran in the Administrator context - else non admin users won't be able to use it :D. Could you please try it?
Oh I have gained access to it by accident. I formated my PC and for some reason it redirected me to the Administrator account instead of my normal user account.
@@tzarg laugh out loud out loud out loud *at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch*
For anyone who wants to enable this on windows 10 HOME, open cmd and type net user administrator (Enter a password here) then type net user administrator /active:yes. That will enable the cccount on any HOME version of windows that does not have the group policy editor.
In Windows XP, the account was active and enabled by default, at least prior to SP2. It just wasn't visible on the Welcome Screen. To log in to it, you'd have to press CTRL+ALT+DEL twice when at the Welcome Screen. You'd then be presented with a classic (i.e. Windows 2000 style) login box, and you could just type administrator as the user name and no password (again: default) to log in. I believe Microsoft may have changed the default status of the administrator account in Windows XP Service Pack 2, but, as I said, at least prior to that it was always enabled.
Very interesting video! If I may add some precision to the use of the Default account, I've had the opportunity to set up a deployment server for a company once, and the Default account came in quite handy. First should I say that MDT (Microsoft Deployment Toolkit for making install sequences and other stuff) is using the "super-admin" account, and you can definitely see it using that account when it has to auto-log into it multiple times, doing reboots and all that kind of stuff, so it definitely has a huge utility there. Back to my Default account. Since we were sending around 2 to 3 sometimes up to 5 computers per day on busy days, deploying those computers fast and as automatically as possible is crucial. Though every time we had finished deploying a computer, we had to send it to the user over France, then once the user received it, he had to log in, and call us so we could finish the setup for him. That included setting up shortcuts, bookmarks in chrome, iniatializing the VPN and other stuff. That was quite the time consuming task. So when I prepared that WDS/MDT server (it's the deployment server), we made use of the Default account as a template. Turns out every time you log into a computer with a new user, Windows uses that Default account as template to create your account folder and everything. Knowing this, we could setup the common parameters and for example throw the chrome bookmarks and desktop shortcuts inside that Default folder to their respective place, and it was working like a charm! Windows was loading the modified Default account and when we logged with a new user, everything we could setup with the Default account was there and operating! At least this is the use we made it out of. I'm sure there is some other uses to it! Apologise for the grammar mistakes if I made any!
Onced use this administrator account when I accidentally changed the rights of my own account to 'docker-user only'. Couldn't do anything anymore, this saved me
My computer doesn't have an account called "administrator".....however, since I have pro edition I have modified the name in there to "thy lord and master"......that said, I also have the system account and the psutils to access it. In cmd it reads whoami as ntauthority/system Edit @5:10 Yes the heck you can Using psutils you can run am instance of cmd as system, close explorer.exe then reopen from cmd and you ARE logged in as system at that point
That's more like a "hidden" admin account rather than a "super" admin account because it doesn't do more than what an actual admin account could do anyway except that there is no UAC popup. Anyways very good info. I never knew about this.
The SID 500 account .\Administrator does in fact have rights over regular local admins and domain admins. For example, if you deactivate UAC regulary for another .\Administrators member, a hidden uac feature still is active that prevents certain actions from remote execution. This restriction can only be globally disabled via registry hack, but the .\Administrator is never affected. In rare cases it can make sense to temporarily enable 500 in server environments for this. The main reason you don't use the 500 is that it can be bruteforced endlessly, because it can't be locked out.
That 500 Admin account CAN be locked out/banned, if you enforce a lock on "X failed password attempts" using GPO. I noticed that, when I opened a telnet port on my server towards the internet and that account was banned in less then 10 seconds.
@@Purple.Tentacle It gets even wierder, if I tell you, that account wasn't even enabled. They managed to ban an inactive account over telnet. Had to geoblock countries after that - and then switched to Arch Linux last year.
Using the sethc exploit on the login screen allows you to use the whole pc as system excluding some features like explorer. A lot of functions break under system
@@oyerkproto using psutils from Microsoft you can use system as the entire system including an instance of explorer running under the system account, also full access to regedit, including all the hidden stuff
I do actually use this account as my main account. I've done so for years on both windows 7 and 10. I do understand why you recommend not using it but for an advanced user, such as myself, I know not to go to certain sites, open certain e-mails, download certain things, etc. I also have a 3rd party firewall as well as a firewall in my router, an anti-virus software running 24/7, a malware detection program that can also detect rootkits and I also disable remote desktop and remote registry. I know this isn't going to guarantee I'll never have a problem but I feel comfortable with it. My brother writes some pretty sophisticated security programs for his personal use so I have the benefit of having access to those as well.
I fucked up my windows installation yesterday, but I thankfully had the four USB sticks you told me to make. I only used the windows one but thanks anyway!
On my main PC I've been running as full admin since before Vista came out. I was a beta tester for Vista. Not a single issue has arisen in all these years.
Oh yeah, I remember this account, it was the account that my dumb younger self actually activated, renamed and used as main account each time I reinstalled Windows.
I am a software developer and need to run a lot of batch files, compile applications that modify the registry, and stuff like that on a daily basis. I found that in order to keep my sanity and to be able to do my job efficiently I run Windows using the 'Administrator' account all the time. To run as a regular admin user, I would need to change the permission on the whole C:\ drive and run the command prompt with elevated privileges all the time. I don't use any web browser or email applications on my dev machine and try to minimize the risk of download malware. Thanks for your video and clear explanations.
Nothing secret about the "RID500" account, it's the only true local admin account on a Windows machine. All other members of the administrators are under the "Admin Approval Mode" it's like root vs super user.
You can run programs with the System account and kinda log in to it, though it surely is not to be recommended. :D With certain modifications you can launch a system cmd in the windows login, launch the explorer process with it, and suddenly youre kinda logged in with system account.
This is not completely accurate: - the default "Administrator" account always existed (just look at Windows NT 3, 4 and Windows 2000); - the account with the highest level of privileges, that is equivalent to the Linux' "root" account, is the so-called built-in "SYSTEM" account on Windows. - the "Administrator" account on Windows is slightly less privileged compared to "SYSTEM".
I’ve seen business PCs in 2020 with Windows XP (could not be a big deal if it was not expose to threats like internet) using the Administrator account as the main account as an everyday consult PC, and we talk about a shop with personal with no particular formation in avoiding malware, at least the putted a password to admin although it was four characters long
7:30 actually you can relatively easily escalate to the NTAuthority/System account which has even more permissions than the Administrator account (as in, it doesn't need to edit the ACL to modify core system files).. so yeeah.. disabling the Administrator account to prevent priv escalation isn't really useful
@@ToniMorton Doesn't matter. The restriction is only for the explorer (ie. the explorer checks if its running as SYSTEM and kills itself, if thats the case). A maleware with a priv escalation exploit can still escalate to SYSTEM without any problems.
@@ToniMorton sure, but unlocked physical access is usually out of scope. Even if VID/PID attacks eg Razor drivers are easy to block, hardware probing (SPI/RAM) is usually doable. Silent Windows privescs are common, but I wouldn't call them trivial by any means (at least theory-wise, being a skiddie is always easy). LAPS or disabling LA are industry-standard for good reasons.
This "super admin" account is NOT the root account of Windows NT. The real actual root user is System. It is possible to invoke NT authority System from a user in the Administrators group. Trustedinstaller is also root user. I came back to this video now 2 years later because I somehow turned my normal account into a "super admin" so everything is run as admin, same in the run dialog but I forgot how to disable it.
Windows server pack (2003, 2008, 2012, 2016, 2019, 2022) are enable since installation which when u are installing its, you will be asked to create a account, which is administrator account,
My windows just corrupted where i just lost all my admin rights last night then out comes your video which helped me to get the super admin account through safe mode where i can do a repair upgrade instead of a clean install and all my files can stay intact
there is another way... at the first setup screen on a fresh windows install (OOBE), hit CTRL+shift+F3. the pc reboots and logs in as "administrator" in "sysprep audit mode". dont close the sysprep popup, uninstall bloatware etc, then OK the sysprep popup. handy shortcut. its mainly used for cloning PCs, preinstall apps.
There is a EnableLUA DWORD in the registry. If you set it to 0 you get the same thing the Built-in Administrator account does. Don't do this though. Also, TrustedInstaller is the SYSTEM user. And the SYSTEM user is a user account. You just can't login to it (well, when you're on the login screen you technically are logged in). To prove this, try creating an account called "TrustedInstaller". Then try to create an account called "SYSTEM". See what happens.
Just a tip, this user account is enabled by default in all windows versions up to until windows 7 if I recall correctly, and can be easily accessed booting in safe mode, the account is just there, unprotected and you can for example log in and use NET USER commands to destroy the main accounts passwords and voilá, reboot and access all the accounts you want. This was a huge phisical security risk untill then. Since windows 8, you can no longer access the account by default through safe mode
that account can be exploited even with it disabled. It is actually running in the login screen. There are ways to change the sticky keys app to cmd by just using a recovery disc. No passwords needed. Then you restart, press shift a whole bunch and bam, you have a completely elevated command prompt without even logging in. From there you can do just about anything if you know what you are doing.
Using WinAeroTweaker, there is a registry edit that allows you to enable UAC on the "Super Admin" account, thus nullifying some of it's security risks if a hacker finds out a way to enable it.
I don't recommend running as an administrator at all. After you set up a new computer, you should create a new administrator account ("Admin" for example) and demote your user account to a standard user. Install games (which patch frequently) outside of "Program Files" ("Games" for example, maybe on a second drive if you have one). This way, you shouldn't have to run the game elevated (UAC prompt), which then requires you to run Discord or Ventrilo or whatever elevated, because it needs to intercept the PTT key (Windows prevents non-elevated processes from peeking at the keypresses on an elevated process).
JOE I'm a I.T Guy the reason I used this Account is to Install Some Programs on My Domain Certain Programs we use only will run on the Administrator Account these program will not install on the Computer even if the user is a Admin on the Domain
The main security issue with Administrator account is that is can never be locked out from logging on locally due to wrong password. Major security breach. This feature can be used to try and brute force it through another accont.
Remember dear old windows 2000. The Administrator account was the only default user. If you wanted a user with less privileges you had to create one. So did we all run win2000 as admins? Yup! We did.
You rarely use the root account in Linux/unix anyway. If you need root-type privileges, you just type sudo and put in the root password. It only works for one session/task, and if you do more admin stuff, you have to type sudo again. So if you have to do a lot of tasks that require admin, you log in as root, do the stuff, and log out and back into a regular user account.
the XP also had prompt to give this Admin account password when installing windows, but only on Pro, Home installs were left without the password. so only thing you needed to get into XP machine with Home was to boot into safe mode and use unprotected Administrator to create your new admin account. Woked on like 99% cases, very few ppl using home even heard of it, much less bothered to add password for it.
Wait so as you said that you can enable it from cmd prompt which is also avalible in recovery mode right? Well what if I forgot my main user accounts password and want to recover it back, I can enable and use the admin account to change/delete the password of my main user account right?
It also gives privileges to routine jobs they don’t want you to stop. Like the registration numbers of programs and matches with registered name opens communication so they can shut your computer down
I have two account on my Win 11, that administrator account and normal account. That admin one is to make "important" changes in Settings, control panel etc.
Actually there IS a SuperUser Account in WIndows, you can run cmd on the user NT AUTHORITY\SYSTEM using Process Hacker, type whoami to see the user, also TrusterInstaller is just a group of users tha only contains the SYSTEM Account
![ถามตรงๆ กับ อาจตุพร ทำไม ประเทศไทย ใครเป็นนายก ก็โดนด่า พอออกเเล้วคนคิดถึง!!?? l [Nickynachat]](http://i.ytimg.com/vi/3YFLMXxBGAs/mqdefault.jpg)
![[TH] 2024 PMSL SEA W2D5 | Fall | พลาดวันนี้ จะต้องเสียใจ](http://i.ytimg.com/vi/A5-Cuo12p6A/mqdefault.jpg)
NOTE: Turns out lusrmgr.msc might only show up if you're running Windows Pro or higher, not home. You can still enable the account via the command prompt method later in the video.
Hi
What is ThioTangent™
Cool Thanks Joe That was actually my question
It's worthless, it asks to enter password to log in
I use pro
its fine to always use administrator acc if you're like, sentient and know how to not download malware
First to this commet
true
But the built-in account won't let you do a lot of things. Using a regular user account with admin privileges (and disabling UAC) will give you a lot more freedom.
At least when I last tried it years ago, a lot of programs and actions refused to run under this account, saying "dude, this account is for maintenance and, well, _administration._ If you want to just use stuff, be a _user"_ (might not be verbatim)
I don't remember which things exactly, but I think MS Office, specifically Outlook, was among them.
I'm gaming
100%
As you mentioned, the SYSTEM account has the highest privileges within Windows. Anything that runs under this account is basically treated as part of the OS itself. A fun fact though is that if you use the task scheduler, you can actually make anything run using the SYSTEM account by ticking 'run with highest privileges'. This bypasses UAC even if it's enabled so it can be useful if you want to give a program admin permissions on login for example (of course only if you 100% trust it and know what you're doing)
Correction: system is the second highest. TrustedInstaller has the highest privileges
That works on windows NT, 2000 and XP, but i could not make this trick works in more recent Windows versions. That's was a very unsefull trick when I needed to remove viruses by hand from infected systems.
If you have a way to make it work on actual version of windows, i'll take it.
@@oyerkproto I understood that no user or privilege has full OS access on recent windows versions. But I may have misunderstood something.
Speaking of system, I am trying to log into that user.
@@thepianozoopmasterMAN you can't. It's not a user, it is a privilege.
I don't know how, but whenever am stuck with something on my PC, Thio uploads the exact same video as the solution the next day😂
You may have psychic powers.
Please don't hurt me
You're a wizard,Dhamu
bro.. my name is harsh aswell... but not dhamu my name is harshvardhan nair
*Plot Twist: ThioJoe is the Super Admin*
LOL XD
true:)
lol
*ThioJoe Ban Hammer Sounds intensifies*
lol
Curious when you'll talk about the OOBE of win 10 and its "secret" keyboard shortcuts. (Ctrl-shift-F3 for pre-oobe admin environment, shift-F10 for console, windows 5 times for Autopilot deployments, ...)
I use them daily to set up Laptops at work, but it was amazing to learn about them initially as they are so incredibly rarely used by anyone aside Enterprise IT Admins.
That's not known in our company... Can someone tell me more about it?
I remember watching him so long ago that he used to be like do this if you want your Xbox to turn into a ps4 and the fact some people fell for it made me laugh
I haven't watched Thio since I was 7 (I'm 13 now)
first video I seen was Turn your ps3 to ps4 🤣🤣🤣
lol true
i didnt fall for it but my friend did
What do you mean “fall for it,” all of them work.
Clickbait king
Older Windows versions in the NT family also had other ways to get in and / or escalate privileges, including methods that involved renaming the logon screensaver or even scheduling a task to run an elevated Task Manager (before Win7 made it easier to do so.) Fortunately it was rare that such methods were needed, but handy in emergencies.
Thio still seems young so this use case might have escaped him. When you've migrated files from computer to computer... one day you might be looking for a file you created back in the 90's and have no access. The user accounts and from years ago might not be what you use today. Thus, that "Secret" Admin account (which wasn't a secret to me) turned out to be very useful in manually setting permissions of old files so that users of the current computer could access them. The regular admin account hadn't such power.
Omg, that hadn't occured to me as I was just slammed by something pre existing that has root on every hard drive now as I was migrating old drives to a central hub. Took over day 1 New 16char wifi 6 network access (from 4, where it followed from) & sideloaded the droid.+ Factory reset on that Win account. Whatever it was used this, and even air gapped it managed to make my old memories now a time bomb or future storage, from W7-11, Android 11 + 13, (changed to some Chinese bullshit.) Never in my life had tech go this sideways. Oh, found an Access Point through Verizon, that's cute. Fml.
Linux makes this super easy with chmod and chown
Best practice is to create a new account to be the administrator, so it has a different SID than the built-in Administrator account, and put a strong password on it. Then use a regular User account for your day-to-day use. Then when the UAC comes up it will ask for the password for the admin account rather than just asking "hey ya wanna?".
That would be good for the malware that doesn’t need admins permission.
Do this if your kids using pc
you can also just change the default account you create to non admin. OFC you have these idiots who use microsoft accounts that have auto admin privaleges :C
but if the user isn't admin, the user rather types the password into a fake UAC. with the admin account, most people would think before they type when they just normally click
I use Administrator account and set to ask for password when UAC comes up.
@@rohansampat1995 Microsoft accounts can be set to be standard account; they are not required top be admin.
The account must be another account other than the out of the box first account though, as the PC needs to have at least one active admin account.
If a user has logged as Microsoft account on first setup, they can create another account, or activate this administrator account, go to the other admin account and then set their main Microsoft account as standard account.
Maybe the reason your default admin was not enabled in safe mode is because you had a regular admin account enabled. The default admin is only enabled in safe mode if:
1. There is no other admin or privileged account you can log on (all regular admin users being disabled,...), and
2. The computer is NOT part of a domain.
I remember accessing this account on old school computers to install the software I wanted. I accessed it by booting in safemode and there was no password. Back then (around 2005-2010) it always seemed like it was enabled and without a password as default... at least on pre-built machines
On Windows 7 there was actually a way to use the "SYSTEM" account (most equivalent to Root on Linux actually) with the Windows Explorer and everything.
What you had to do was replace the executable for the Windows Accessibility Stuff with "cmd.exe". Then on the login screen when you clicked on the accessibility button a Command prompt would open. From there you'd have to kill the login screen process (probably the trickiest part) and then run explorer.exe from said command prompt.
You're now using the System user with UI and all
_Technically_ it's still possible on Windows 8 and newer, but the explorer will not run if you're not logged into a regular user account (or the here discussed Admin account)
The filesystem can be navigated via an Open File dialogue of notepad.exe.
@@RokeJulianLockhart.s13ouq ofc, but it's not a full user experience with taskbar, start menu and all (which is what I was explaining in my original comment)
Windows has a system integrity system that will replace the changed original exe.
@@Chickenbreadlp Indeed. Why engineers in later versions of Windows didn't evaluate explorer.exe with higher levels of privilege than merely administrative is very, very weird. The predecessors bothered to. (After all, file pickers for standard Win32 WinForms software is provided by an API that is independent to explorer, as this demonstrates.)
As Enderman usually demonstrates, sethc.exe usually isn't checked as part of System Integrity Protection@@RKingis
5:05 There is a Microsoft-provided tool that _can_ open an interactive Powershell or a command prompt (etc.) as SYSTEM… but for 99.99% of admin tasks it's like using a snowplow to scramble eggs.
Yeah about this. Once I forgot the password to my user account and I has no other accounts setup as a backup. So I enabled this admin account from the recovery (by selecting cmd) . I changed the password for my user account and then created another account to be used as a backup
@@SeventhEntropy oh boy. If that's the case then you just learned a new method
@@r.g7261 I just use Kali Linux, there was a program chntpw(not sure of the name) by using that u can change or remove the password
I use the Administrator when I need to copy the files off an old drive user folder as you can copy the files without waiting for it to change the permissions which can take ages. Open an administrator command line and type "net user administrator /active:yes" to disable it again with "net user administrator /active:no"
or use the installer to change utilman.exe to a cmd and then use an even powerful cmd on the login screen to do it
@@DarkBraveStuff usually this would be on Joe Public's computer so giving them access to a more powerful cmd is not a good idea.
This is both correct and incorrect - the build in Administrator account is part of the local Administrators group. Default NTFS permissions on all drives include Administrators group with full control. If you have an account which you promoted to local administrator by adding it to the local Administrators group, you would not need to do this.
Also, if you are able to do "net user administrator /active:yes", then you are already an administrator and this is unnecessary :).
@@ivanpanchev5894 If you add a drive from an old installation of windows you can access the user files from the main account but it will spend an age on the permissions before you can access it. From the hidden administrator, it justs opens the user folder for you to do with as you wish.
Hi Brian. If you open elevated CMD (or Powershell) with account which is part of the Administrators group - you can browse profile folders without any permissions modification. However, opening it trough Explorer will result in 'you need read permissions' in the security tab (also if you try opening it trough explorer it will start granting explicit permissions to your account). I suspect this is because explorer is not ran in the Administrator context - else non admin users won't be able to use it :D. Could you please try it?
Oh I have gained access to it by accident. I formated my PC and for some reason it redirected me to the Administrator account instead of my normal user account.
Well I'm definitely not gonna enable that (I might do it on my script tester virtual machine)
lololololololoololol
@@tzarg laugh out loud out loud out loud *at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch*
GioFilms r/ihadastroke reference
@@cycrothelargeplanet LOL XD
For anyone who wants to enable this on windows 10 HOME, open cmd and type net user administrator (Enter a password here) then type net user administrator /active:yes. That will enable the cccount on any HOME version of windows that does not have the group policy editor.
You mean the Local User Management MMC console ;)... (GPO editor is something else)
...by the way he said that in the video
i had forgotten about that, i remember having to enable it in Vista for some reason.
In Windows XP, the account was active and enabled by default, at least prior to SP2. It just wasn't visible on the Welcome Screen. To log in to it, you'd have to press CTRL+ALT+DEL twice when at the Welcome Screen. You'd then be presented with a classic (i.e. Windows 2000 style) login box, and you could just type administrator as the user name and no password (again: default) to log in. I believe Microsoft may have changed the default status of the administrator account in Windows XP Service Pack 2, but, as I said, at least prior to that it was always enabled.
Yes. That account being perma enabled also helped with the spread of certain viruses, thats why it's locked and restricted to local login now.
9:38 If you use the windows installation media (Thio mentioned that last video), then you do not need to type in any password.
Correct. Drive encryiption is the only solution to protect the installation here.
I thought it would be the NT Authority/System account, since that is abused often during privilege escalation
Same
Same here too
It indeed is the "SYSTEM" builtin account that is equivalent to the linux "root" account.
@@hbm293 wrong. NT Authority/System cant delete certain files (example hal.dll). The account that actually has all privileges is TrustedInstaller.
@@kenziewebm That's correct, in Windows Vista+.
Very interesting video!
If I may add some precision to the use of the Default account, I've had the opportunity to set up a deployment server for a company once, and the Default account came in quite handy.
First should I say that MDT (Microsoft Deployment Toolkit for making install sequences and other stuff) is using the "super-admin" account, and you can definitely see it using that account when it has to auto-log into it multiple times, doing reboots and all that kind of stuff, so it definitely has a huge utility there.
Back to my Default account. Since we were sending around 2 to 3 sometimes up to 5 computers per day on busy days, deploying those computers fast and as automatically as possible is crucial. Though every time we had finished deploying a computer, we had to send it to the user over France, then once the user received it, he had to log in, and call us so we could finish the setup for him. That included setting up shortcuts, bookmarks in chrome, iniatializing the VPN and other stuff. That was quite the time consuming task. So when I prepared that WDS/MDT server (it's the deployment server), we made use of the Default account as a template. Turns out every time you log into a computer with a new user, Windows uses that Default account as template to create your account folder and everything. Knowing this, we could setup the common parameters and for example throw the chrome bookmarks and desktop shortcuts inside that Default folder to their respective place, and it was working like a charm! Windows was loading the modified Default account and when we logged with a new user, everything we could setup with the Default account was there and operating!
At least this is the use we made it out of. I'm sure there is some other uses to it!
Apologise for the grammar mistakes if I made any!
Fun fact: He was an admin.
YET ONE MORE TIME JOE UPLOADS LIFE JUICE.
Your content is always amazing. Thank-you.
Onced use this administrator account when I accidentally changed the rights of my own account to 'docker-user only'. Couldn't do anything anymore, this saved me
My computer doesn't have an account called "administrator".....however, since I have pro edition I have modified the name in there to "thy lord and master"......that said, I also have the system account and the psutils to access it. In cmd it reads whoami as ntauthority/system
Edit
@5:10
Yes the heck you can
Using psutils you can run am instance of cmd as system, close explorer.exe then reopen from cmd and you ARE logged in as system at that point
Hi, Thio! Respect!
That's more like a "hidden" admin account rather than a "super" admin account because it doesn't do more than what an actual admin account could do anyway except that there is no UAC popup. Anyways very good info. I never knew about this.
U always make vids I like thanks for the great content
The SID 500 account .\Administrator does in fact have rights over regular local admins and domain admins. For example, if you deactivate UAC regulary for another .\Administrators member, a hidden uac feature still is active that prevents certain actions from remote execution. This restriction can only be globally disabled via registry hack, but the .\Administrator is never affected.
In rare cases it can make sense to temporarily enable 500 in server environments for this.
The main reason you don't use the 500 is that it can be bruteforced endlessly, because it can't be locked out.
That 500 Admin account CAN be locked out/banned, if you enforce a lock on "X failed password attempts" using GPO. I noticed that, when I opened a telnet port on my server towards the internet and that account was banned in less then 10 seconds.
@@Sypaka Interesting, did not know you can force it via GPO, might actually be useful for me in one case.
The Telnet ban gave me a good laugh :D
@@Purple.Tentacle It gets even wierder, if I tell you, that account wasn't even enabled. They managed to ban an inactive account over telnet. Had to geoblock countries after that - and then switched to Arch Linux last year.
This isn't a super administrator or root account, this is just the default built in Administrator account. The root account in Windows is SYSTEM.
Using the sethc exploit on the login screen allows you to use the whole pc as system excluding some features like explorer. A lot of functions break under system
@FuchsPlayZ the sethc exploit is like the one key to the whole system
@@oyerkproto ah yes this is the real sneaky sneaky one
@@oyerkproto using psutils from Microsoft you can use system as the entire system including an instance of explorer running under the system account, also full access to regedit, including all the hidden stuff
I'll try to find and run it using VMware when I get the chance, thanks for telling me!
I do actually use this account as my main account. I've done so for years on both windows 7 and 10. I do understand why you recommend not using it but for an advanced user, such as myself, I know not to go to certain sites, open certain e-mails, download certain things, etc. I also have a 3rd party firewall as well as a firewall in my router, an anti-virus software running 24/7, a malware detection program that can also detect rootkits and I also disable remote desktop and remote registry. I know this isn't going to guarantee I'll never have a problem but I feel comfortable with it. My brother writes some pretty sophisticated security programs for his personal use so I have the benefit of having access to those as well.
I fucked up my windows installation yesterday, but I thankfully had the four USB sticks you told me to make. I only used the windows one but thanks anyway!
Thio: Is that Express V-neck tee? Love it! ☺
On my main PC I've been running as full admin since before Vista came out. I was a beta tester for Vista. Not a single issue has arisen in all these years.
I've never been in a car accident but I'm not about to stop wearing my seatbelt.
Just because you've been lucky so far doesn't make it a smart idea.
Just remembered this account existed. I used to follow this account like 8 years ago and it’s crazy the content hasn’t changed at all
5:03 The TrustedInstaller user is really the SYSTEM user with less privledges.
Oh yeah, I remember this account, it was the account that my dumb younger self actually activated, renamed and used as main account each time I reinstalled Windows.
I love when ThioJoe tries so hard to be relevant in the thumbnail. ☻😂
What’s that white smile face emoji?
@@weeezer212 ☻
I am a software developer and need to run a lot of batch files, compile applications that modify the registry, and stuff like that on a daily basis. I found that in order to keep my sanity and to be able to do my job efficiently I run Windows using the 'Administrator' account all the time. To run as a regular admin user, I would need to change the permission on the whole C:\ drive and run the command prompt with elevated privileges all the time. I don't use any web browser or email applications on my dev machine and try to minimize the risk of download malware. Thanks for your video and clear explanations.
That thumbnail is so funny! 😂
There's another account that has even higher privileges than Administrator. It's called NT AUTHORITY/SYSTEM and it's hidden by default.
Nothing secret about the "RID500" account, it's the only true local admin account on a Windows machine. All other members of the administrators are under the "Admin Approval Mode" it's like root vs super user.
Lol came to say exact same thing
You can run programs with the System account and kinda log in to it, though it surely is not to be recommended. :D
With certain modifications you can launch a system cmd in the windows login, launch the explorer process with it, and suddenly youre kinda logged in with system account.
*when the it guy at school forgot to turn off super admin *
Me: well let’s delete system 32
i lost count how many times you've warned not to enable the super admin account... I'm scared and curious at the same time
This is not completely accurate:
- the default "Administrator" account always existed (just look at Windows NT 3, 4 and Windows 2000);
- the account with the highest level of privileges, that is equivalent to the Linux' "root" account, is the so-called built-in "SYSTEM" account on Windows.
- the "Administrator" account on Windows is slightly less privileged compared to "SYSTEM".
You didn't watch it all
I like how the thumbnail looks like that one kid (i think hes named billy?) Playing in an early 2000's/late 90's computer lol
I’ve seen business PCs in 2020 with Windows XP (could not be a big deal if it was not expose to threats like internet) using the Administrator account as the main account as an everyday consult PC, and we talk about a shop with personal with no particular formation in avoiding malware, at least the putted a password to admin although it was four characters long
Linux gang 😎😎
linux on windows gang 😎😎
Windows AND Linux gang 😎😎
I Dunno What To Pick Gang 😎😎
Any Os is Os gang 😎😎
unix gang 😎😎
7:30 actually you can relatively easily escalate to the NTAuthority/System account which has even more permissions than the Administrator account (as in, it doesn't need to edit the ACL to modify core system files).. so yeeah.. disabling the Administrator account to prevent priv escalation isn't really useful
@@ToniMorton Doesn't matter. The restriction is only for the explorer (ie. the explorer checks if its running as SYSTEM and kills itself, if thats the case). A maleware with a priv escalation exploit can still escalate to SYSTEM without any problems.
What's your privesc method? I didn't think it was particularly easily until PrintNightmare etc came along
@@ToniMorton sure, but unlocked physical access is usually out of scope. Even if VID/PID attacks eg Razor drivers are easy to block, hardware probing (SPI/RAM) is usually doable. Silent Windows privescs are common, but I wouldn't call them trivial by any means (at least theory-wise, being a skiddie is always easy). LAPS or disabling LA are industry-standard for good reasons.
This "super admin" account is NOT the root account of Windows NT. The real actual root user is System. It is possible to invoke NT authority System from a user in the Administrators group. Trustedinstaller is also root user. I came back to this video now 2 years later because I somehow turned my normal account into a "super admin" so everything is run as admin, same in the run dialog but I forgot how to disable it.
Windows server pack (2003, 2008, 2012, 2016, 2019, 2022) are enable since installation which when u are installing its, you will be asked to create a account, which is administrator account,
Wao love from Pakistan 💕😘😘😘
Is valid in India or not?
@@Freddy_Guy bruh obviously why wouldnt it windows isnt region locked
Last video watched from you was breaking into house for wi fi password...got recommended after long time...
You already talked about it i think, already knew, Nice video man
My windows just corrupted where i just lost all my admin rights last night
then out comes your video
which helped me to get the super admin account through safe mode
where i can do a repair upgrade instead of a clean install
and all my files can stay intact
I like your background colors so much! And the video quality got so much better
there is another way... at the first setup screen on a fresh windows install (OOBE), hit CTRL+shift+F3. the pc reboots and logs in as "administrator" in "sysprep audit mode". dont close the sysprep popup, uninstall bloatware etc, then OK the sysprep popup. handy shortcut. its mainly used for cloning PCs, preinstall apps.
Thanks for the video, Joe!
THANK YOU! This randomly popped into my feed and was the answer to the question i had for MONTHS
I also learned that ThioJoe looks cool with his sunglasses on from the thumbnail.
There is a EnableLUA DWORD in the registry. If you set it to 0 you get the same thing the Built-in Administrator account does. Don't do this though.
Also, TrustedInstaller is the SYSTEM user. And the SYSTEM user is a user account. You just can't login to it (well, when you're on the login screen you technically are logged in). To prove this, try creating an account called "TrustedInstaller". Then try to create an account called "SYSTEM". See what happens.
2:45 unless you’re running disk encryption someone with physical access to a computer can already do whatever they want.
Where ThioJoe get these knowledge? INTERESTING!!!!!!!!!!!!
Just a tip, this user account is enabled by default in all windows versions up to until windows 7 if I recall correctly, and can be easily accessed booting in safe mode, the account is just there, unprotected and you can for example log in and use NET USER commands to destroy the main accounts passwords and voilá, reboot and access all the accounts you want. This was a huge phisical security risk untill then. Since windows 8, you can no longer access the account by default through safe mode
This has baffled me for a while. Thanks for reviewing this.
when u are stuck at windows10 installation OOBE error, press CTRL+SHIFT+F3 this will login you onto built-in administrator account
that account can be exploited even with it disabled. It is actually running in the login screen. There are ways to change the sticky keys app to cmd by just using a recovery disc. No passwords needed. Then you restart, press shift a whole bunch and bam, you have a completely elevated command prompt without even logging in. From there you can do just about anything if you know what you are doing.
Using WinAeroTweaker, there is a registry edit that allows you to enable UAC on the "Super Admin" account, thus nullifying some of it's security risks if a hacker finds out a way to enable it.
The thumbnail is amazing
thiojoe:i bet you didnt know that theres is secret admin account
me:enable it by mistake from 2 months
I learn more from this guy than my computer teacher like seriously
I don't recommend running as an administrator at all. After you set up a new computer, you should create a new administrator account ("Admin" for example) and demote your user account to a standard user.
Install games (which patch frequently) outside of "Program Files" ("Games" for example, maybe on a second drive if you have one). This way, you shouldn't have to run the game elevated (UAC prompt), which then requires you to run Discord or Ventrilo or whatever elevated, because it needs to intercept the PTT key (Windows prevents non-elevated processes from peeking at the keypresses on an elevated process).
The title without the click-bait would read, "Windows Has a Built-in Administrator Account"
Back to back awesome videos by ThioJoe
This super administrator mode gives me 2014 thiojoe vibes back when he used to "turn" ps3s' into ps4s ahahah
JOE I'm a I.T Guy the reason I used this Account is to Install Some Programs on My Domain Certain Programs we use only will run on the Administrator Account these program will not install on the Computer even if the user is a Admin on the Domain
The main security issue with Administrator account is that is can never be locked out from logging on locally due to wrong password. Major security breach. This feature can be used to try and brute force it through another accont.
Remember dear old windows 2000. The Administrator account was the only default user. If you wanted a user with less privileges you had to create one. So did we all run win2000 as admins? Yup! We did.
Cant stop laughing at the thumbnail
Best tech videos . Always ready to watch
You rarely use the root account in Linux/unix anyway. If you need root-type privileges, you just type sudo and put in the root password. It only works for one session/task, and if you do more admin stuff, you have to type sudo again. So if you have to do a lot of tasks that require admin, you log in as root, do the stuff, and log out and back into a regular user account.
Thanks for information
Appreciate the knowledge shared on this topic ThioJoe! Quite useful 👍
With those shades, you look like "Johnny Castle" from "Dirty Dancing!"
the XP also had prompt to give this Admin account password when installing windows, but only on Pro, Home installs were left without the password. so only thing you needed to get into XP machine with Home was to boot into safe mode and use unprotected Administrator to create your new admin account. Woked on like 99% cases, very few ppl using home even heard of it, much less bothered to add password for it.
I remember using this to gain access to admin privileges without my dad knowing. Good times.
Wait so as you said that you can enable it from cmd prompt which is also avalible in recovery mode right? Well what if I forgot my main user accounts password and want to recover it back, I can enable and use the admin account to change/delete the password of my main user account right?
I've used this once when I was grounded from the computer.
It also gives privileges to routine jobs they don’t want you to stop. Like the registration numbers of programs and matches with registered name opens communication so they can shut your computer down
Microsoft Technology forbids that. (Taito makes Bubble Bobble)
I have two account on my Win 11, that administrator account and normal account. That admin one is to make "important" changes in Settings, control panel etc.
0:40 Thank you now i know that my laptop origanly was windowsVisata and i was using it until now xD but now its windows 10 THX
Thanks, man!
Ahhh, the account i use to circumvent my time limitation. Its also used to display the login screen and other basic features in the beginning
So, NT AUTHORITY\SYSTEM?
@@Z9R. everything you can run before loging in
Actually there IS a SuperUser Account in WIndows, you can run cmd on the user NT AUTHORITY\SYSTEM using Process Hacker, type whoami to see the user, also TrusterInstaller is just a group of users tha only contains the SYSTEM Account
btw there is also SYSTEM account which is pretty much means u have control over UR ENTIRE OS btw its on every version from 2000 and up