asked on
enable back built-in administrator of Windows 7
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account
Is above recovery for booting up in Safe Mode with Network connectivity BUT not joining domain?
Thing is our PCs have NAC (Network Access Control) such that we can't bring PCs from outside to connect up to our network. If so, while in "Safe Mode with Networkg", MS NAC may not work (though I've not tested it).
So how should we go about recovering an enabled local admin on Win 7 Enterprise?
It's to address audit requirement that we disable local administrator.
Is above recovery for booting up in Safe Mode with Network connectivity BUT not joining domain?
Thing is our PCs have NAC (Network Access Control) such that we can't bring PCs from outside to connect up to our network. If so, while in "Safe Mode with Networkg", MS NAC may not work (though I've not tested it).
So how should we go about recovering an enabled local admin on Win 7 Enterprise?
It's to address audit requirement that we disable local administrator.
Windows OSOS SecurityWindows 7
Last Comment
sunhux
ASKER
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account
Sorry, replace above url with url below: does the steps in url below work? Anyone tested it?
Our Desktop support guys told me steps below only work in Win XP but not in Win 7 :
https://www.lostwindowspassword.com/enable-windows-7-default-administrator-account.html
Sorry, replace above url with url below: does the steps in url below work? Anyone tested it?
Our Desktop support guys told me steps below only work in Win XP but not in Win 7 :
https://www.lostwindowspassword.com/enable-windows-7-default-administrator-account.html
ASKER
I tried to replace utilman.exe with cmd.exe but simply can't delete/overwrite utilman.exe.
Can't even issue :
icacls utilman.exe /grant Builtin\Administrator:(D,W
Can't even issue :
icacls utilman.exe /grant Builtin\Administrator:(D,W
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Ok, I've found that I don't need to boot up from any CD/DVD at all & no downtime needed:
for both Win 7 & WIn 10.
Just do:
cd \windows\system32
takeown /f utilman.exe
ren utilman.exe orig_utilman.exe
copy cmd.exe utilman.exe
To test:
& while booting up, press F8 to boot into Command Prompt
& just when the Windows logon GUI is about to pop up, press
Windows-U & it will auto pop up a command prompt with system privilege.
Then type:
net user administrator /Active:Yes (to enable it back or any other commands, eg: to reset password)
Last query:
What's the purpose of utilman.exe & what's the impact if we remove/rename utilman.exe permanently ?
for both Win 7 & WIn 10.
Just do:
cd \windows\system32
takeown /f utilman.exe
ren utilman.exe orig_utilman.exe
copy cmd.exe utilman.exe
To test:
& while booting up, press F8 to boot into Command Prompt
& just when the Windows logon GUI is about to pop up, press
Windows-U & it will auto pop up a command prompt with system privilege.
Then type:
net user administrator /Active:Yes (to enable it back or any other commands, eg: to reset password)
Last query:
What's the purpose of utilman.exe & what's the impact if we remove/rename utilman.exe permanently ?
ASKER
>On a Domain simply use restricted groups to manage the local administrator account
> which will be disabled when the user joins the domain.
Care to elaborate how the above is done?
> which will be disabled when the user joins the domain.
Care to elaborate how the above is done?
From above link, do we need only Win 7 DVD or do we need other DVDs as well?