enable back built-in administrator of Windows 7

sunhux
sunhux used Ask the Experts™
on
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account
Is above recovery  for booting up in Safe Mode with Network connectivity BUT not joining domain?

Thing is our PCs have NAC (Network Access Control) such that we can't bring PCs from outside to connect up to our network.  If so, while in "Safe Mode with Networkg",  MS NAC may not work (though I've not tested it).

So how should we go about recovering an enabled local admin on Win 7 Enterprise?

It's to address audit requirement that we disable local administrator.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
https://www.technibble.com/bypass-windows-logons-utilman/

From above link, do we need only Win 7 DVD or do we need other DVDs as well?

Author

Commented:
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account

Sorry, replace above url with url below:  does the steps in url below work?  Anyone tested it?
Our Desktop support guys told me steps below only work in Win XP but not in Win 7 :

https://www.lostwindowspassword.com/enable-windows-7-default-administrator-account.html

Author

Commented:
I tried to replace  utilman.exe with cmd.exe but simply can't delete/overwrite utilman.exe.
Can't even issue   :
  icacls utilman.exe /grant Builtin\Administrator:(D,WDAC)
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Top Expert 2016
Commented:
boot from any windows installation disk and get a command prompt then you have unlimited access to the c:\windows\system32 folder the drive might be X: you have to find the right drive first.


So how should we go about recovering an enabled local admin on Win 7 Enterprise?
It's to address audit requirement that we disable local administrator.


If the local administrator is already disabled then re-enabling it seems a bit backwards why don't you just check to see if the administrator account is disabled?

How one does this locally
You have to go to a CMD prompt via run as admin and then type:
net user administrator /active:yes

On a Domain simply use restricted groups to manage the local administrator account which will be disabled when the user joins the domain.

Author

Commented:
Ok, I've found that I don't need to boot up from any CD/DVD at all & no downtime needed:
for both Win 7 & WIn 10.

Just do:
cd \windows\system32
takeown /f utilman.exe
ren utilman.exe orig_utilman.exe
copy cmd.exe utilman.exe

To test:
& while booting up, press F8 to boot into Command Prompt
& just when the Windows logon GUI is about to pop up, press
Windows-U  & it will auto pop up a command prompt with system privilege.
Then type:
   net user administrator /Active:Yes   (to enable it back or any other commands, eg: to reset password)


Last query:
   What's the purpose of utilman.exe & what's the impact if we remove/rename  utilman.exe permanently ?

Author

Commented:
>On a Domain simply use restricted groups to manage the local administrator account
> which will be disabled when the user joins the domain.

Care to elaborate how the above is done?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial