Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Vista RC1 Disables Built-in Administrator Account


Everyone (except the hackers) would agree that having a built-in Administrator account with no password is not a good idea. Therefore, Microsoft has decided to disable the built-in Administrator account under most circumstances in Windows Vista. This is a good move. By default, new installations of Windows Vista will no longer have the built-in Administrator account enabled. However, if you upgrade from Windows XP and the built-in Administrator was the only account that was active, the account will stay active and will be placed in what Microsoft refers to as “Admin Approval Mode.” Keep in mind that, by default, a built-in Administrator account cannot log on to Windows in safe mode.

The behavior on computers that have joined a domain is different from the behavior on computers that are in a workgroup. In a domain environment, a disabled built-in Administrator account cannot log on to the computer in safe mode. If your computer has joined the domain, the domain administrators can log on to the computer and create a local administrator account if one doesn’t exist.

On computers that are part of a workgroup, a disabled built-in Administrator account will not be able to log on in safe mode as long as at least one other local administrator account is enabled. Obviously, you will be able to use any other local administrator account to log on in safe mode. Let’s say you have a total of three administrator accounts: two that are enabled, plus the built-in Administrator account, which is disabled. If you somehow delete or disable the two enabled administrator accounts, you will be able to log on to your computer in safe mode with the disabled built-in Administrator account for disaster recovery. Note that this behavior is different from the previous scenario, where the computer has joined the domain. In that case the built-in Administrator cannot log on in safe mode. However, a member of the Domain Admins group can come to the rescue, as explained earlier.

While this behavior is definitely more secure, you need to ensure that you do not forget the passwords for your administrator accounts. Whether you create a password reset disk or write down your password in a safe place is up to you. Whatever you do, just make sure you don’t lock yourself out of your own computer.
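To check where a given machine stands under the rules described above, the following added example (not part of the original post) reports the state of the built-in Administrator and the other local administrators. It assumes Windows PowerShell 5.1 with the Microsoft.PowerShell.LocalAccounts module on a current Windows release rather than Vista RC1; the function name `Get-SafeModeRecoveryStatus` is hypothetical, and the assessment text applies the safe mode behavior exactly as this post states it.

```powershell
#Requires -Version 5.1
# Added example: audits local administrator accounts against the safe mode
# rules described in the post. Run from an elevated prompt.
function Get-SafeModeRecoveryStatus {
    # True when the computer has joined a domain, False for a workgroup.
    $inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    # The built-in Administrator keeps RID 500 even if it has been renamed.
    $builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

    # Local user accounts in BUILTIN\Administrators (well-known SID S-1-5-32-544).
    $localAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { Get-LocalUser -SID $_.SID }

    # Enabled local administrators other than the built-in account.
    $others = @($localAdmins | Where-Object {
        $_.Enabled -and $_.SID.Value -ne $builtin.SID.Value
    })

    if ($builtin.Enabled) {
        $assessment = 'Built-in Administrator is enabled; confirm it has a password.'
    } elseif ($inDomain) {
        $assessment = 'Domain member: disabled built-in Administrator cannot log on ' +
                      'in safe mode; recovery depends on a Domain Admins member.'
    } elseif ($others.Count -gt 0) {
        $assessment = 'Workgroup: safe mode logon requires one of the other ' +
                      'enabled local administrators; keep their passwords recoverable.'
    } else {
        $assessment = 'Workgroup: no other enabled local administrator; the disabled ' +
                      'built-in Administrator is the safe mode fallback.'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        PartOfDomain         = $inDomain
        BuiltinAdministrator = $builtin.Name
        BuiltinEnabled       = $builtin.Enabled
        OtherEnabledAdmins   = $others.Name
        Assessment           = $assessment
    }
}

Get-SafeModeRecoveryStatus | Format-List
```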
