New
#21
Torchwood, it is not an additional admin account that was introduced, it has always been there. Problem was it got enabled without user consent.
I have all Windows updates installed and haven't seen such behavior in my PCs.
Torchwood, it is not an additional admin account that was introduced, it has always been there. Problem was it got enabled without user consent.
I have all Windows updates installed and haven't seen such behavior in my PCs.
Many companies rename the built-in Administrator account as an extra security step. The laptop that I'm on has had that account renamed (and disabled) from day one. This makes it harder for malware that intends to enable/use this built-in Administrator account.
The link that you provided to the tut for enable/disable built-in admin account has a step that deals with renamed accounts by linking to this tut: Built-in Administrator Account - Change Name
Bottom-line...
...renaming that built-in account is a good thing
...disabling that built-in account is a good thing
BobKoz,
Most users don't bother renaming the built-in admin account. It is fine if you want to leave that account with its default name. As far as using a admin:user account vs. an standard:user account for day to day use: Yes, the using a standard:user account is safer; however, it can be hard to do/understand certain actions, so it is probably not worth changing to a standard:user account. Just keep the User Account Control turned on when using your current admin:user account.
UNI, you are of course 100% right. I was trying to comment on BobKoz's way of trying to deal with the issue. And to be honest almost forgotten of that best practice :)
Your right GokkAy
Standard is greyed out - no problem, you've helped enough :)
Bob, can you try one thing please:
- Run: eventvwr.msc
- Expand Windows Logs - Security
- On right pane - filter current log
- Enter 4722 (just the number) in the box where it writes <All Event IDs>
- It will now show which account enabled which account and a bit more info
See if you can spot something at the day of issue
I had to post here, tried 3 x after your last question:
I just typed in a lot of info but got logged out and lost it..
I added 4722 and displayed the event, it says it happened on 9/9/15 11:02:57 AM which is probably when I turned the PC on.
I can't capture this sys window with my software - Under subject it says BOBS-PC\BobsPC, and under Target account it says BOBS-PC\Administrator........ But I didn't create anything?
Also on bootup it said it was completing update installation before opening Windows. This was the first time I had to choose '
admin' or 'my user'
About renaming Administrator again : if I do this it won't match the folder called Administrator in C:\Users > is this OK? Or should I remame the folder to match?
BobKoz,
As you have noted - your problem is solved and your computer logs you directly onto your desktop. (This happens by default when Windows see only one enabled account and that account has no password.)
If you have the time and the interest, GokAy will help you try to figure out why this happened. My rambling below are just to try and answer some of the questions that you asked. Some may have already been answered... so I might be repeating stuff:
Computers can sure take up a lot of time :-(
As you noted, we are not seeing any other people mention this happening to them.
Wild (and unlikely) guess here:
It could be that your antivirus app prevented some update from doing its thing and the update enabled the built-in admin account to complete the task. (I'm guessing that you and your wife use the same antivirus app.)
As noted elsewhere, the built-in account was enabled, not created. While this is a minor distinction, it would be really scary if a new admin account had been created. As it is, the event is still a mystery, but slightly less scary.
Correct*. You are the first*. Lucky you
*Not that we hear every report of every Windows Update anomaly.
For future reference...
...visit that link again
...scroll near the bottom
...the info on that web page applies to
While it is good that you made a backup of the key before deleting it, there are registry keys that cannot easily be restored via backup. In this case, you did no harm. It won't hurt to leave the key there or to delete it.Applies to
Microsoft Windows Millennium Edition
Microsoft Windows 98 Second Edition
Microsoft Windows 98 Standard Edition
Microsoft Windows 95
This is just FYI: When working with accounts, it is best to restart the computer and log onto your normal account before doing the steps in that tutorial.
As has been mentioned: you cannot delete that account. You can (and have) disabled it. If you want, after restarting the computer and logging on with your normal account, you can safely delete that Administrator user folder. You can also leave it there. It really does not matter. About the only impact will be a tiny amount of time added to each full antivirus scan that you do on your computer.
As mentioned above and elsewhere, you cannot delete the built-in administrator account. I'm repeating this so that I can also add an assurance that deleting the user folder associated with that built-in administrator account will not impact any other account (not that you expressed that specific concern about the user folder).
I am pretty sure that XP has the same built-in administrator account. It is also disabled by default. You probably never had a need to use it.
That is an excellent summary.
I already stated my view on "Is it a security risk to set user account to Administrator"; however, I don't want to discourage you from using the safer Standard account if you want to try it.
You would need to...
...create a user:admin account
(because you don't want to use the built-in:admin account)
...restart the computer
...log onto that new user:admin account
...demote your normal user account to a standard user account
...restart the computer (optional).
Then use your user:standard account for day to day use.
Let me offer an example of one difficulty that you might encounter while using a user:standard account:
We often ask you to do things using an elevated command prompt. If you did option three in this tutorial (SFC /SCANNOW Command - System File Checker), the resulting text file will end up in the desktop folder of the admin account. As long as you know that this is going to happen, then you can deal with it. You can go get the file from there and move it to your desktop.
Or, you could temporarily make your day to day user account an admin account - then change it back once you are done troubleshooting stuff. There are some things that are impossible to do as a standard user. Using "run as administrator" just will not work for some tasks. While this can be frustrating, you can also look at it as an extra measure of safety. This makes it harder for malware to do those things too
The same advice applies to XP. It was safer to use a non-admin account in XP too.
Last edited by UsernameIssues; 13 Sep 2015 at 15:51.
It doesn't mean you personally changed it but it was done with your account's privileges.
Last thing I would check is the Application and System event logs at around the time of the change to see if anything catch my attention.
If you can't, oh well, issue is solved even though the mystery is not! :)
Bummer. Thanks for hanging in there.
What software are you using?
For the most part, it will not hurt how Windows operates to have the user folder name differ from the user account name. It mostly just confuses the humans using the computer.
After you read my previous long/boring post, you will see that you can safely delete this folder. You can rename the built-in administrator account as an added safety measure, but you will need to remember that you have done so. If you are ever instructed to use "net user administrator /active:yes" again you will have to just know to modify those instructions to be "net user renamed /active:yes".
Again, Windows can handle the renamed account just fine. Its the humans (and malware) that get confused.
There are 50+ application logs and about the same System logs, on the night of original update an morning I after when I first booted - way to much to type..
Lets just say the Master Admin somehow got enabled and leave it at that, you helped me solve what I thought was an issue..
UsernameIssues says:
"Is it a security risk to set user account to Administrator" ....... By making user Standard.......This makes it harder for malware to do those things too.
And it's also OK to Delete the C:\Users "Administrator" folder (containing all user subfolders)..
Do you agree with these also GokAy?