Is it fine to rename hidden administrator account to something else?


Muz

New member
Local time
4:27 PM
Posts
4
OS
Windows 11
Is it fine to rename hidden administrator account to something else?
 

My Computer

System One

  • OS
    Windows 11
There's no reason you can't. Pretty common practice in enterprises. It's a very minimal impact for security, but bad guys can still ID the account since it has a well known SID
 

My Computer

System One

  • OS
    Windows 11
No it is not OK. Don't mess with it and leave it hidden. It's a superuser account and is hidden for security reasons as it runs everything elevated without UAC.

It is a good idea to create a second local Admin account that you can use for troubleshooting if your original account is corrupted, or you forget the password, or something bad happens.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
Renaming it has no impact and if UAC is enabled it will still leverages it. Every account including Administrator runs unprivileged until UAC is invoked.
 

My Computer

System One

  • OS
    Windows 11
No it is not OK. Don't mess with it and leave it hidden. It's a superuser account and is hidden for security reasons as it runs everything elevated without UAC.

It is a good idea to create a second local Admin account that you can use for troubleshooting if your original account is corrupted, or you forget the password, or something bad happens.
Agreed. That Administrator is hidden for a reason, has more power than the User with Administrative Rights. And it has to be invoked deliberately, is not recommended to keep it active once the need has been accomplished.
 

My Computers

System One System Two

  • OS
    Win11 Pro RTM
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 3400
    CPU
    Intel Core i5 11th Gen. 2.40GHz
    Memory
    12GB
    Hard Drives
    256GB SSD NVMe
  • Operating System
    Windows 11 Pro RTM x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro 5890
    CPU
    Intel Core i5 10th Gen. 2.90GHz
    Memory
    16GB
    Graphics card(s)
    Onboard, no VGA, using a DisplayPort-to-VGA adapter
    Monitor(s) Displays
    24" Dell
    Hard Drives
    512GB SSD NVMe, 2TB WDC HDD
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender/Microsoft Security
The OP asked for opinions. Since it is a security risk to use the hidden administrator account all the time, I gave mine. I'm not saying it can't be done. I'm saying you shouldn't do it. The hidden account is not new. It's been around since XP through the registry and in it's current form since Vista. It's kind of like a MS 'get out of jail free' account and it's purpose is troublehooting. If you want to make your system less secure it's your choice. You own your system so it's up to you what you decide to do with it.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
User rights are only assigned to the 'Administrators' group and not the Administrator account so there are no difference in rights assigned between the Administrator account and an user created administrator account.

On home systems it is preferred to create the second user account for admin functions. The built-in administrator account is better suited for a corporate environment as a break glass account and recommended to implement LAPS so it can not be used for lateral movement in a compromise.

1658454842258.png
 

My Computer

System One

  • OS
    Windows 11
That Administrator ... has more power than the User with Administrative Rights
Sorry but that is incorrect. The Built-in Admin has no more privileges than any other Admin account. Its UAC is off by default but any other Admin can also do that.

I last tested this in Windows 10 Version 1909; the situation has been the same since 2009 and shows no sign of changing.

Try3 said:
About overriding the System 'user'I've just tested [Version 1909] that the Built-in Administrator remains unable to get access to a folder for which only the System 'user' had access permission.
attachment.php
attachment.php
- I ran this test on a folder on a USB stick because that made it easy to clean up afterwards; I simply reformatted the USB stick.
- I provided a bit more detail about the test in
BiA is just an Admin - my post #13 - TenForums


The Built-in Admin exists for one reason & one reason only, to be enabled by Windows to appear on the Safe mode login screen if Windows cannot detect any other Admin account on the computer.
This behaviour is stated in Administrator account status, Safe mode considerations - MSDocs

All the best,
Denis
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3296
Why would you bother as it is hidden anyway?
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
Is it fine to rename hidden administrator account to something else?
Works fine on Windows server -- so I don't see why it wouldn't work in Windows - certainly pro editions.

user.png
You can also change it via registry with "local security policies" etc.

It's probably of more use on a server as it's better to login as an administrator with an idenifiable user named account so proper server audit trails can be monitored correctly rather than using the generic "Administrator" account. In larger workp[laces you'll certainly have more than one person responsiblle for managing and dealing with server issues.

Also being a multi user system you might need more than one person to be logged on concurrently to be resolving issues that require administrative privileges. This requires different accounts of course.

On bog standard windows if you already have admin privileges I'm not sure what it brings to the table.

Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
The Built-in Admin has no more privileges than any other Admin account. Its UAC is off by default but any other Admin can also do that.

But this thread is about whether one should mess with the hidden administrator account which I strongly suggested one does not.

Regarding turning off UAC, yes, you can turn UAC off for an Admin USER account giving it the same priviledges but that level of control can also be dangerous. That level of control is not meant to be used for everyday use, whether one uses the hidden account or turns of UAC for an admin user account. There’s no safety net, so a misstep could royally screw up your system. Any security benefits and risk mitigations that are dependent on UAC aren't present on the computer. One of the risks is malicious software running under elevated credentials without the user being aware of its activity.
So, if ANY user, I don't care how experienced they are, feel they are so good they will never make a mistake and want to turn off UAC, I call hogwash. And if any user thinks he is above getting malware, I again call hogwash. Just my opinion and I'm sticking to it. :cool:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 22631.3296
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1tb Solidigm m.2 +256gb ssd+512 gb usb m.2 sata
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 10 Pro 22H2 19045.3930
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 9020
    CPU
    i7-4770
    Memory
    24 gb
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    256 gb Toshiba BG4 M.2 NVE SSB and 1 tb hdd
    PSU
    500w
    Case
    MT
    Cooling
    Dell factory
    Mouse
    Logitech wireless
    Keyboard
    Logitech wired
    Internet Speed
    still not telling
    Browser
    Firefox
    Antivirus
    Defender+MWB Premium

Latest Support Threads

Back
Top Bottom