When Windows is installed on a computer, the user is prompted to create their own account with administrative privileges. At the same time, a built-in Administrator account is automatically created on the computer. This account is disabled by default and in most cases will never be used by the device owner. This guide shows you how to enable and disable the built-in Administrator account on Windows 11.
Enable and Disable the Built-in Administrator Account on Windows 11
You can check the current status of the built-in Administrator account in Windows using the Local User Management snap-in (lusrmgr.msc).
- Expand the Users section and find the Administrator account in the list;
- This account is disabled by default;
- To enable it, go to the user’s properties and uncheck the Account is disabled box. Save the changes;
- After enabling the account, you must set a password. Right-click and select > Set password;
- Set a complex password that matches your local Windows password policy settings;
You can also use the command line to view the status of the built-in Administrator:
net user administrator
The account is disabled in this example (Account active: No).
To enable the Administrator account, run the command:
net user administrator /active:yes
Set a password:
net user administrator *
If the built-in administrator account has been renamed, this command will return an error:
The user name could not be found.
However, you can find the current administrator account name by its well-known SID, which always ends in 500. You can use PowerShell to find out the local administrator account name by a known SID:
Get-LocalUser | ? {$_.SID -like "*-500"}
Or:
wmic useraccount where "SID like 'S-1-5-%-500'" get name
The built-in Windows Administrator account cannot be deleted (unlike other accounts). You will get an error if you try to delete it:
The following error occurred while attempting to delete the user Administrator:
Cannot perform this operation on built-in accounts.
It is not recommended to leave the Administrator account permanently enabled. After using it, be sure to disable the account. This protects against password brute force attacks.
net user Administrator /active:no
To increase the security of your computer, you can rename the built-in administrator account. This protects against password brute force attacks. You can rename the account from the lusrmgr console.
- Right-click account > Rename;
- Specify a new administrator account name;
How to Enable Built-in Administrator Account without Logging Windows 11
The most common use of the built-in Administrator account is when other Windows accounts are disabled or deleted and you cannot log on to the computer.
You can enable the built-in administrator by booting the computer into WinPE. This requires an installation USB stick with Windows or any LiveCD.
- Boot your computer from the Windows installation image and press Shift+F10 at the start of the installation;
- Type regedit in the command prompt;
- In the Registry Editor, select HKLM > File > Load Hive;
- Open the file C:\Windows\System32\config\SYSTEM and specify a temporary hive name;
- Navigate to HKLM\your_hive_name\Setup;
- Modify the following registry parameters:
SetupType -> 2 CmdLine -> cmd.exe
- Unload the registry hive, restart the computer and boot to the Windows welcome screen;
- A command prompt opens where you can enable the built-in administrator and set a password:
net user administrator /active:yes net user administrator *
- Run regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\Setup, change the parameters SetupType > 0, CmdLine > empty.
- Restart your computer and you will be able to log into Windows using the built-in Administrator credentials.
1 comment
When I enter that command prompt net user administrator /active:yes , it says access denied. What next?