• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 104
  • Last Modified:

enable back built-in administrator of Windows 7

https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account
Is above recovery  for booting up in Safe Mode with Network connectivity BUT not joining domain?

Thing is our PCs have NAC (Network Access Control) such that we can't bring PCs from outside to connect up to our network.  If so, while in "Safe Mode with Networkg",  MS NAC may not work (though I've not tested it).

So how should we go about recovering an enabled local admin on Win 7 Enterprise?

It's to address audit requirement that we disable local administrator.
0
sunhux
Asked:
sunhux
  • 5
1 Solution
 
sunhuxAuthor Commented:
https://www.technibble.com/bypass-windows-logons-utilman/

From above link, do we need only Win 7 DVD or do we need other DVDs as well?
0
 
sunhuxAuthor Commented:
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account

Sorry, replace above url with url below:  does the steps in url below work?  Anyone tested it?
Our Desktop support guys told me steps below only work in Win XP but not in Win 7 :

https://www.lostwindowspassword.com/enable-windows-7-default-administrator-account.html
0
 
sunhuxAuthor Commented:
I tried to replace  utilman.exe with cmd.exe but simply can't delete/overwrite utilman.exe.
Can't even issue   :
  icacls utilman.exe /grant Builtin\Administrator:(D,WDAC)
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
David Johnson, CD, MVPOwnerCommented:
boot from any windows installation disk and get a command prompt then you have unlimited access to the c:\windows\system32 folder the drive might be X: you have to find the right drive first.


So how should we go about recovering an enabled local admin on Win 7 Enterprise?
It's to address audit requirement that we disable local administrator.


If the local administrator is already disabled then re-enabling it seems a bit backwards why don't you just check to see if the administrator account is disabled?

How one does this locally
You have to go to a CMD prompt via run as admin and then type:
net user administrator /active:yes

On a Domain simply use restricted groups to manage the local administrator account which will be disabled when the user joins the domain.
0
 
sunhuxAuthor Commented:
Ok, I've found that I don't need to boot up from any CD/DVD at all & no downtime needed:
for both Win 7 & WIn 10.

Just do:
cd \windows\system32
takeown /f utilman.exe
ren utilman.exe orig_utilman.exe
copy cmd.exe utilman.exe

To test:
& while booting up, press F8 to boot into Command Prompt
& just when the Windows logon GUI is about to pop up, press
Windows-U  & it will auto pop up a command prompt with system privilege.
Then type:
   net user administrator /Active:Yes   (to enable it back or any other commands, eg: to reset password)


Last query:
   What's the purpose of utilman.exe & what's the impact if we remove/rename  utilman.exe permanently ?
0
 
sunhuxAuthor Commented:
>On a Domain simply use restricted groups to manage the local administrator account
> which will be disabled when the user joins the domain.

Care to elaborate how the above is done?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now