The built-in administrator account is just one more account in the system, pretty much like any other admin out there. It has the very same capabilities than any other admin, and has been included in every NT-based Windows version, from 3.51 up to Win10.
There is no point at all in enable/change password/disable, that achieves nothing in terms of security (it doesn't hurts either). By keeping it disabled, you prevent anyone from login into it,
even if they knew the right password. The password in fact becomes totally irrelevant for a disabled account, nobody will ever be able to use it until it's enabled.
Now, the only way to enable a user account is to user another user account that has administrative privileges in itself. If an attacker (or a virus, or whatever) gets access to another admin account, they can just use that one to wreak havoc in the system, they're already in, so there is no need to bother enabling the default admin. If the attacker can use a standard account, they won't be able to enable or set passwords for any other account, so you're mostly safe.
The usual recommended setup is to use 2 accounts, one for normal usage without administrative rights and another admin account that you use when touching something system-wide. That's the situation where UAC shines, as it allows easy access to the admin account from within a standard one, given the right user/password.
If you like, you could also rename the built-in "Administrator"
There is no point in that either. That at most achieves "
security though obscurity", as anyone knowing the name will still be able to login, and the name is easy to find out anyway. Usernames are meant to be public (the Windows login loves to disclose the valid usernames for instance). Secrecy should be in the password instead.
Obviously (to me) this designates that this disabled Admin acct has (had) a password (?).
Yes, that's correct. Every account in Windows
always has a password. Just remember that the blank password is a perfectly valid one and will be treated the same as any other (even though it's blatantly wrong to have an empty password, Windows will hapily accept it). That date shows when the password was set to be blank. If not done by you, it could have been at the very least the time of the OS install.
But I'm thinking ? how is this secure if I (anyone in safe mode with an Admin acct privilege) just change the password without having to know the old password ???
The requirement for that to succeed is that the account doing the change must be an administrator in itself. That's one of the "powers" of the admin account, they can reset any password for any account. When using a regular account that cannot be done. And if an attacker gets hold of an admin account, you're toast
He can do anything with the system with an admin account, that's why it's important to safeguard those as much as possible, and use a regular account for most normal activities.
Remember your first try, you we're greeted by an "access denied", until you used "run as administrator" as pointed by
Brink.
This sounds better, so then as long as an existing admin acct doesn't setup a new acct with admin privilege and then give that password to a user, then NONE of the other user (non-admin accts) can access any Admin acct or the actions thereof, without the password of the admin acct. They can't even boot to safe mode and do it, OR they can't even run an app "as an adminstrator" .
That's correct. An admin can do literally
anything in a system (including access all files, modify anything or setup backdoors). That's why it's important to keep the admin password secret and hard to guess, and never use such account for normal activities that don't strictly requires adminstrative access.
A normal account is restricted to his own profile, and to read some thing in the system, but can't do anything to other accounts passwords or data. "Run as administrator" from a normal account just ask for an admin password, and won't continue without a correct one.
