• Upgrading from Win10 1803 to 1809 may break the built-in “Administrator” account, but you probably aren’t affected

    Home » Forums » Newsletter and Homepage topics » Upgrading from Win10 1803 to 1809 may break the built-in “Administrator” account, but you probably aren’t affected

    Author
    Topic
    Viewing 6 reply threads
    Author
    Replies
    • #243686

      Difficult to see why this is an issue for anyone in any circumstances, or even a bug at all:

      The bug occurs when the following two conditions are met:
      The built-in Administrator account is enabled (it is disabled by default).
      There is at least one additional account with Administrator permissions.

      https://www.ghacks.net/2019/01/02/windows-10-version-1809-upgrade-could-invalidate-administrator-account/

      The account is not disabled when the feature update is installed if there is no other administrator account.
      Personally, I would have said that’s the behavior I expected. (says Günter Born)
      https://borncity.com/win/2019/01/02/windows-10-v1809-upgrade-deactivates-build-in-administrator/

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #243692

      may break the built-in “Administrator” account, but you probably aren’t affected

      Three most assuring words to start your day off with.

      1 user thanked author for this post.
    • #243698

      The built-in Administrator account was disabled during previous upgrades, unless the installation/upgrade in place was performed under the built-in Administrator account.
      Nothing new here and it is not a bug, but done on purpose I believe, for the reasons stated by Woody in the main post, i.e. security enhancement, as this account is normally the only account not subject to UAC, at least on a computer not joined to an Active Directory domain.
      Saying that, I generally tend to perform the OS upgrade under the built-in Administrator to avoid potential permissions bugs during the upgrade, but normally this should not be a pre-condition for a successful installation.

      3 users thanked author for this post.
      • #243709

        The first part of this is correct — it’s been documented for years.

        The second part is not — the mechanics of the upgrade process is not performed by the user who started the upgrade, so it doesn’t matter what user you’re logged in as.

        1 user thanked author for this post.
    • #243747

      I enable the Administrator account for all the machines at my location for when I need to do “admin” things that avoid changing the users desktop or other items like that.  The Administrator account is only used by me when needed and is, of course, password protected.

      1) If it disables the Administrator account, can it just be reenabled?

      2) What do they mean “break”?

      3) If I use the Administrator account to do the upgrade, does the regular user admin account that gets created during setup get disabled or “broken”?

      4)  I have renamed some of the Administrator accounts to something else for security purposes, just like I do on my servers.  Do the same bugs apply?

      Cheers!!
      Willie McClure
      “We are trying to build a gentler, kinder society, and if we all pitch in just a little bit, we are going to get there.” Alex Trebek
      • #243783

        1) Yes.
        2) Disabled/Inactivated.
        3) No.
        4) Same situation.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
    • #243965

      Wouldn’t it be better to enable the built-in administrator account and password protect it.  Rather than leaving it disabled without a password?

      • #243981

        I don’t see why. It’s one more password for you to remember/store and for a hacker to guess/crack.

        It can’t be enabled without other administrator or physical access, so not a risk if it’s disabled.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #243995

      All of our Win7 domain machines have the Admin enabled and password protected.  This was a carry-over practice from the WinXP endpoints and it’s worked well for us.  Just as the Domain Admin has a password, Endpoints have the Local Admin with a password.  Unfortunately, we will be converting to Win10 this year but the practice will likely continue.  I could’ve sworn there were ways to active the built-in Admin account during an offline state.

      • #244001

        I believe the best option is to password protect and then disable if you’re able to.  We have a relatively small environment of 180 or so endpoints.  There have been times where an endpoint has lost trust with the Domain and the built-in Admin account is needed to leave and rejoin.  This can also happen when restoring a older image to an endpoint.  I’m sure I’m not alone in this thought, nor am I solely right in my efforts.  There’s always ten ways to accomplish everything in Windows.  Thank you for your feedback, b.

        2 users thanked author for this post.
        • #244016

          There have been times where an endpoint has lost trust with the Domain and the built-in Admin account is needed to leave and rejoin.

          Yes, I’ve experienced that a few times. I wouldn’t suggest not having any local admin account available.

          Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

          1 user thanked author for this post.
      • #244010

        I could’ve sworn there were ways to active the built-in Admin account during an offline state.

        There are with physical access and the ability to boot from something like Offline Password and Registry Editor on CD/DVD/USB (although not if the system drive has disk encryption with that tool apparently), or Safe Mode.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

        1 user thanked author for this post.
      • #327159

        Microsoft LAPS is a great solution for this and easily deployed.

    • #327261

      Microsoft LAPS is a great solution for this and easily deployed.

      I don’t see how Local Adminstrator Password Solution would prevent the built-in administrator getting disabled during an upgrade, as that’s an expected behavior (which is not password-related).

      But isn’t it just for domains with Active Directory anyway? No use for small businesses or home users?

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    Viewing 6 reply threads
    Reply To: Upgrading from Win10 1803 to 1809 may break the built-in “Administrator” account, but you probably aren’t affected

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: