0

I'm setting up a new install of Win 10 Home Premium on a laptop for a friend.

After setting up the initial local admin account, I created a standard local account for my friend to use.
I wanted to give her the ability to install applications, so she gets the admin password, but I wanted to take away the temptation of logging in with the admin account, so I hid it from the login screen.

Now I want to make a restore point and back up the drive.

The problem is, when I try from the standard user account, it asks me to enter the admin username and password, except there are no fields to type them in, and of course I can no longer do it from the logon screen. I also cannot run regedit to un-hide the account from the sign-in screen.

Please help, it took over three hours to install it and I don't want to start again.

I used the following method to hide the admin account...

Use the Windows key + R keyboard shortcut to open the Run command, type regedit, and click OK to open the Windows Registry.
Browse the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Right-click the Winlogon, select New, and click Key.
Name the new key SpecialAccounts.

Right-click the SpecialAccounts key, select New, and click Key.
Name the new key UserList.

Inside of UserList, right-click, select New, and click DWORD (32-bit) Value.

Name the new DWORD key with the name of the account you're trying to hide.
Double-click the new DWORD key and make sure its data value is set to 0.


0

An easy way to enable/disable the admin account is to open a command shell as admin (press WINKEY+X and select Command Prompt (Admin)) then type either of

net user administrator /active:yes
net user administrator /active:no
0

Do you mean on the login screen? Did you actually associate a password with the account? On my system I leave the Admin account permanently enabled. That way if my user account gets blitzed I always have the Admin account available so I can log in and repair. I've never actually had to do that but I like to leave it as an option.

By the way, since you are setting this up from scratch you might want to have a look at how I configure a new system. I wrote this for Windows 7 but I use the same setup for Windows 10. I use Macrium Reflect for imaging with a full on the first of the month and a scheduled differential every other day. I've had to reload images a few times because my video got screwed up with unwanted updates and restoring an image is a 20 minute job instead of a multi-day troubleshooting.

Edited by Reverend Jim

0

Hi,

just a side note: back in the Windows XP days, pressing CTRL ALT DEL twice on the login screen made the admin account visible. I do not know if this is still valid as I have not used those systems lately. Hope it helps, bye!

0

I mean when I try to start an admin cmd, I am prompted for admin username and password, but there are no text boxes to enter those details.

0

@S

I'd like to try this. Remember the discussion about non-admin installing apps is a well done topic so I want to hear more about the issue of admin cmd and no text boxes.

My first thought is the hidden admin account(s) could be why. Also, since Windows has, since Windows NT, had a fatal issue with corrupt profiles, I'll write that we always have 2 admin accounts. It's like the Rule of Two in some movie folk watch.

0

Running a program/shell with Admin (elevated) rights is not the same as running under the Administrator account. What is your UAC set to?

0

The only way I would advise to see the issue is to create a Win 10 Home VM.

The default and setup account is an admin account; create a standard account, and then follow the steps in the first post to hide the only admin account from the sign-in page.

If the admin account is not hidden, and you attempt an admin task from the standard account, Windows 10 will prompt you for an admin password and, if entered correctly, will carry out the task.

If you hide the admin account and do the same, Windows will still prompt you for the admin password, but it will not provide a means for typing that password into any text box, or give you a button to click.

It's weird, and a bug if you ask me.

0

OK I think I get it but no fix I've heard to date. It's entirely possible to break Windows by hiding all admin accounts. And you can destroy it by removing the admin accounts altogether. Microsoft taught how to do this in some admin class for locking down Windows.

So in their view, not broken but how it works.

0

If the admin account is not hidden, and you attempt an admin task from the standard account, windows 10 will prompt you for an admin password

I have set up 5 or so Windows 10 systems and have never seen what you are seeing. I created the account for the user(s) (I make it a local rather than a Microsoft account) and I was never asked for any admin type credentials. The users are allowed to install software without requiring an admin password and if anything requires admin rights the user is prompted to allow/refuse elevated rights. Again, no password required.

0

I believe that is UAC.

But I do not like the idea of a standard account being able to carry out admin tasks. Does that not make the point of standard and admin accounts mean nothing?

I got back into the system as admin by using a runas in command prompt in the end.
'runas /user:Suze cmd'
enter admin password

And started regedit from that to revert the changes I made.
It seems what I wanted to do is not possible.

Thanks for the help and your time guys.
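
A check for the state this thread describes, where every enabled local administrator is listed under SpecialAccounts\UserList; this is an added example, not part of the original posts. It assumes an elevated PowerShell 5.1+ session (for instance one started through runas, as above) with the built-in LocalAccounts cmdlets; the `-Unhide` parameter and the function names are chosen for this example.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell 5.1+ session.
param([string]$Unhide)   # optional: account name to make visible again (name chosen for this example)

$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

function Get-HiddenAccountName {
    # Value name = account name; DWORD data 0 = hidden from the sign-in screen.
    if (-not (Test-Path -LiteralPath $userListKey)) { return }
    $key = Get-Item -LiteralPath $userListKey
    $key.GetValueNames() | Where-Object { $_ -and $key.GetValue($_) -eq 0 }
}

function Get-EnabledLocalAdmin {
    # BUILTIN\Administrators has the well-known SID S-1-5-32-544.
    # Get-LocalUser fails for groups and domain members; those are skipped.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
        Where-Object { $_.Enabled }
}

if ($Unhide) {
    # Deleting the value puts the account back on the sign-in screen.
    Remove-ItemProperty -LiteralPath $userListKey -Name $Unhide -ErrorAction Stop
    Write-Host "Removed UserList value '$Unhide'."
}

$hidden  = @(Get-HiddenAccountName)
$admins  = @(Get-EnabledLocalAdmin)
$visible = @($admins | Where-Object { $hidden -notcontains $_.Name })

# One line per enabled local administrator, with its sign-in screen state.
foreach ($a in $admins) {
    $state = if ($hidden -contains $a.Name) { 'HIDDEN' } else { 'visible' }
    '{0,-20} {1}' -f $a.Name, $state
}

if ($admins.Count -gt 0 -and $visible.Count -eq 0) {
    Write-Warning 'Every enabled local administrator is hidden from the sign-in screen.'
    Write-Warning 'Re-run with -Unhide <name>, or keep a second, visible admin account.'
}
```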

0

Instead of using runas it is far easier to press WINKEY-X and then select Command Prompt (Admin).

Incidentally, there are still things you can't do unless you are logged in to the Admin account. And even that account has restrictions so it is not a true admin account. Go figure.

0

WINKEY-X asks for a password in a dialog box, with the original problem: no means of entering the password.

0

What restrictions, if any, did you put on the user account? When I do WINKEY X I just get the UAC prompt "Do you want to allow this app to make changes to your device?"

Edited by Reverend Jim

0

No restrictions on the standard user account.
I wonder if there is miscommunication here. Do we agree that a standard (non-admin) user account cannot perform tasks that require administrative permissions?

0

Going back to your first post and rereading I see where I misunderstood. I think that by unhiding the Admin account you may fix the problem. This would make the Admin account visible on the login screen but as long as the user doesn't know the password you can still secure the system from the user. Unfortunately I don't have a real or virtual system that I can test this on.

0

Thing is, the goal of the idea was to only hide the admin account, while still allowing the standard account to use the admin account for those admin tasks, removing the temptation to log in as admin.

I found a way to partially achieve the goal by setting a registry key (DontDisplayLastUserName), but this means the user has to type name and password at login, and it does not prevent the user from logging in as admin.

0

I have set up Windows systems for a few family members and friends and I trust them (except for my father-in-law) not to do anything really stupid so the user accounts are set (by default) as Admin. However, in order to avoid having to spend all of my spare time fixing things I have set up the systems in the same(ish) way.

  • Two partitions (C-OS and D-Data).
  • User folders (My Documents, etc) relocated to D
  • Macrium Reflect (Free) installed
  • All user apps installed on C
  • Full image of C made to D:\Images

The agreement is I will help with problems but if the problem takes more than 30 minutes to resolve I just restore the image, apply all outstanding system/app updates, then take a new image.

So far the only image I have had to restore was on my father-in-law's laptop. I had to do this frequently for the first year or so until he learned not to download every POS software he saw in a pop-up.

0

I told my friend that the first line of defense against malware is to not log in as admin, but in the end she started to do it anyway, because of having to type a password every now and then, and she is not web savvy enough to spot a threat and wound up infected with 'merry I love you' ransomware, from a fake Chrome popup.

My theory is that forcing her to type a password for admin operations might help her learn more quickly to spot a possible threat.

2

Web threats? I added two things on all my Windows and even on my Apple/Chromebook/Android. What are they?

  1. Web Of Trust. Can't say enough nice things about this one. It won't stop users from plowing ahead and doing bad things but here it's warned me ahead of time.

  2. Adblockers. Today I like Ublock Origin. For Chrome you may have to use Adblock+. More than adblocking, it has blocked bad web content.