enable back built-in administrator of Windows 7

https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account
Is above recovery  for booting up in Safe Mode with Network connectivity BUT not joining domain?

Thing is our PCs have NAC (Network Access Control) such that we can't bring PCs from outside to connect up to our network.  If so, while in "Safe Mode with Networkg",  MS NAC may not work (though I've not tested it).

So how should we go about recovering an enabled local admin on Win 7 Enterprise?

It's to address audit requirement that we disable local administrator.
sunhuxAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sunhuxAuthor Commented:
https://www.technibble.com/bypass-windows-logons-utilman/

From above link, do we need only Win 7 DVD or do we need other DVDs as well?
0
sunhuxAuthor Commented:
https://support.microsoft.com/en-us/help/814777/how-to-access-the-computer-after-you-disable-the-administrator-account

Sorry, replace above url with url below:  does the steps in url below work?  Anyone tested it?
Our Desktop support guys told me steps below only work in Win XP but not in Win 7 :

https://www.lostwindowspassword.com/enable-windows-7-default-administrator-account.html
0
sunhuxAuthor Commented:
I tried to replace  utilman.exe with cmd.exe but simply can't delete/overwrite utilman.exe.
Can't even issue   :
  icacls utilman.exe /grant Builtin\Administrator:(D,WDAC)
0
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

David Johnson, CD, MVPOwnerCommented:
boot from any windows installation disk and get a command prompt then you have unlimited access to the c:\windows\system32 folder the drive might be X: you have to find the right drive first.


So how should we go about recovering an enabled local admin on Win 7 Enterprise?
It's to address audit requirement that we disable local administrator.


If the local administrator is already disabled then re-enabling it seems a bit backwards why don't you just check to see if the administrator account is disabled?

How one does this locally
You have to go to a CMD prompt via run as admin and then type:
net user administrator /active:yes

On a Domain simply use restricted groups to manage the local administrator account which will be disabled when the user joins the domain.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
Ok, I've found that I don't need to boot up from any CD/DVD at all & no downtime needed:
for both Win 7 & WIn 10.

Just do:
cd \windows\system32
takeown /f utilman.exe
ren utilman.exe orig_utilman.exe
copy cmd.exe utilman.exe

To test:
& while booting up, press F8 to boot into Command Prompt
& just when the Windows logon GUI is about to pop up, press
Windows-U  & it will auto pop up a command prompt with system privilege.
Then type:
   net user administrator /Active:Yes   (to enable it back or any other commands, eg: to reset password)


Last query:
   What's the purpose of utilman.exe & what's the impact if we remove/rename  utilman.exe permanently ?
0
sunhuxAuthor Commented:
>On a Domain simply use restricted groups to manage the local administrator account
> which will be disabled when the user joins the domain.

Care to elaborate how the above is done?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.