As known in order to protect your environment from unauthorized changes, Windows Vista provides UAC ("User Account Control") and furthermore for the same security reasons this OS handles by default all user accounts (in local groups) with administrator privileges like Standard users.
On the other side UAC is not only a security-related implementation, but it also provides other actions about some issues (programs compatibility, install/uninstall operations).
If you will log-in the built-in Administrator account when all other accounts with administrator privileges are disabled you will reach to work under your Windows Vista with neither restrictions nor security prompts at all (that previously sometimes might appear even if UAC was disabled).
If you will enable the built-in Administrator account under your Windows Vista and if you will log-in it, then in your actual system any process and/or executable object will run with no security restrictions (and UAC will not prompt at all, although still enabled): and if this fact from some sides may be desiderable then it will be obviously occurring for possible malware too (with related implications).
The purpose of following procedures is not to disable UAC under Windows Vista, and in fact you will not disable it making that: on the other side UAC under the built-in Administrator account is not working by default.
Now, in order to reach True-Full-Administrator-Privileges under Windows Vista is needed that only built-in (and hide) Administrator account is enabled and all other accounts (with administrator privileges) are disabled.
Really the existing account could be deleted at all, but for your convenience and in order to avoid management issues account-related and/or some annoyances the best practice suggests to remove previuos account just after a fresh installation of your OS; then, accepting the nuisance of disabling/re-enabling accounts with administrator privileges, you can safely and simply disable them.
The procedure is not the same about different Windows Vista versions: beginning from Business, Enterprise and Ultimate versions it is as following (tested as working).
1. Start > Administrative Tools > Computer Management > Local Users and Groups > Users > Select "Administrator" (one click) > Right-click > "Properties" will show "Account is disabled" > Enable it > OK (if UAC prompts, answer CONTINUE).
Do not set the password!
2. Reboot the machine.
3. Log in the Administrator account and disable all other accounts with administrator privileges in "Computer Management > Local Users and Groups > Users" following above notes used to enable it (> check "Account is disabled" mark).
4. Be sure that your Administrator account is enabled and reboot the machine.
5. Control Panel > User Accounts > Configure advanced user profile properties > "Account\Unknown" > Delete (This is an optional way: you will make it only if you do not need/want other accounts in your environment).
6. Control Panel > User Accounts > Set your Administrator account password (do not set it under previous "Users" folder).
7. Then you can rename the Administrator account in "Computer Management > Local Users and Groups > Users".
8. Done!
Now you will reach True-Full-Administrator-Privileges under your Windows Vista (UAC will not prompt more, although still enabled).
Btw: the above procedure must be followed with no changes.
Under Windows Vista Home Basic and Home Premium the "Local Users and Groups" folder is missed, then the procedure is as following (according to Microsoft notes that I lightly modified and tested as working).
1. Create a password for your current account in "Control Panel > User accounts", if it is not there.
2. Merge the following entry into your registry (in order to type your account name @ boot log-on).
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:000000013. Reboot your machine.
4. Log-in your current user account (typing name and password).
5. Start > Start Search > type on your keyboard cmd (then Right-click > Run as administrator) > type on your keyboard net user administrator active:yes (then press ENTER) in order to unhide the built-in Administrator account: "The command completed successfully." line will appear if all goes right.
6. type on your keyboard net user administrator 12345 (where "12345" is your administrator password: then press ENTER; then type on your keyboard exit and then press ENTER again).
7. Reboot your machine and log-in your current user account (typing name and password).
8. cmd (Run as administrator) > type on your keyboard net user in order to verify user accounts list > type on your keyboard net user administrator in order to check that administrator account is really active > type on your keyboard net user username active:no (where "username" is your previous account name) in order to disable it. Repeat that for all other accounts with administrator privileges existing under your Windows Vista environment.
Optionally, and accepting related issues (that is only Administrator account enabled and then no UAC-related function available) you can delete your previous account typing net user username /delete (where "username" is your previous account name) in order to remove your previous account at all: if you delete it then you can also remove "Account\Unknown" in "Control Panel > User Accounts > Configure advanced user profile properties".
Please, note that if you delete your previous account then that will remove your access to previous user's default folders: then it would must done just after a fresh installation of Vista or however after to have moved at least "Documents" sub-folder existing in "Users\yourprevioususername". Furthermore it could occur "AppData" issue: you know that delete an user account under Windows not just after a fresh installation could entail some issues...) http://www.computerp...sta_appdata.htm .
9. Reboot your machine and log-in the Administrator account typing "Administrator" and its password.
10. Done!
Now you will reach True-Full-Administrator-Privileges under your Windows Vista (UAC will not prompt more, although still enabled).
Btw1: really you could find other procedures that may slightly differ compared to above notes, but I did not test all them...
Btw2: IE7 Protected Mode under True-Full-Administrator-Privileges will be disabled too... I do not use IE, but here seems there is a way (I do not tested it) in order to enable Protected Mode running Administrator built-in account...
Btw3: as always, create a backup of your system before to proceed.
Attached Files
-
4.png 547.93KB
145 downloads
