Wednesday, May 14, 2008

How to Activate the Local Administrator on Windows 2008 Server

How to Activate the Local Administrator - Active:Yes

There are many advantages to doing this, but, you must do it the right way. In case of server crashes, you will need this account to troubleshoot Active Directory or your domain. Windows Server 2008 has a hidden administrator account.  This super-user account is only of use on a member server where you normally logon to the domain, but now need to logon to the local 'SAM' database.  The method to activate the administrator is almost identical of that for Vista; the only difference that springs to mind is that in Windows Server 2008 people are more likely to deactivate than to activate this account.

Topics for Activating the Windows Server 2008 Local Administrator

  • How to Activate or Deactivate the Hidden Administrator
  • Detailed Instructions to Activate the Administrator
  • Local Security Method to Enable the Administrator
  • Benefits of Activating the Administrator Account
  • How to Check User Accounts
  • Summary of Activating the Local Administrator

How to Activate or Deactivate the Hidden Administrator

If you are going to activate and use this administrator account, then you need to know its password.  Therefore a preliminary step is to set, and especially to remember, the password.  Naturally, if all you want to is deactivate you don't need to worry about the password, and thus could avoid this step.

Quick method to activate an account

  1. Logon to your Windows Server 2008 using another account with administrative privileges.
  2. Launch the cmd prompt - Make sure you select, 'Run as administrator'
  3. Net user administrator Belcome01!
  4. Net user administrator /active:yes
  5. Switch User, or logoff
  6. Logon as administrator  Password p@$$w0rD 
    To be precise, you need to be HostName/administrator not Domain/Administrator

Detailed Instructions to Activate the Administrator

  1. Logon to the server using your normal domain admin username and password.
  2. Click on the Start button
  3. Click on Start Search. 
  4. Type:
  5. Right-click cmd, select 'Run as administrator' from the shortcut menu.
  6. At the command line type:
    Net help user
  7. My idea is for you to just observe Net User options.  In particular, check the syntax to set the password.
  8. The next instruction is the crucial command.  I have chosen password = p£ssworD, you may want to choose a different password.
  9. Net user administrator p@$$w0rD
  10. Net user administrator /active:yes
  11. Check the message : The command completed successfully
  12. Switch User, or logoff
  13. Logon as Hostname/Administrator  Password p@$$w0rD  (Your password may be different!)
    Where Hostname is the computer name of the Windows Server 2008 computer.

Trap1:  You need a forward-slash before /active

     Net user administrator active:yes    is wrong
     Net user administrator /active:yes    is correct

Trap2:  There should be no space between the word 'active' and the ':'.

    /active  :yes   is wrong.  
    /active:yes     is correct.

Tip 1:  You can also activate and deactivate the guest account.

Tip 2: The key word in the deactivate command is the word:no

     Net user administrator /active:no.

Local Security Method to Enable the Administrator Account
Kindly sent in by Dave Waddell

If you prefer a pure GUI method, launch the Local Security policy.

This is how you navigate to the Local Security Policy. 

  1. Click on Start orb, then in the Start Search dialog box type: secpol.msc.  Note: you must include the extension .msc.
  2. Drill down to Local Policy, Security Options
  3. Double click Accounts: Administrator account status, and select enable.

You can also see the resulting Administrator in the Control Panel, User Accounts folder.


Benefits of Activating Windows Server 2008's Hidden Administrator Account

The main benefit of activating this hidden Administrator is if you ever needed to logon at the server when the domain was not available and not accepting cached credentials.   Alternatively, you may be troubleshooting and wish to eliminate domain settings.  To be frank, there are always other scenarios that I have not thought about.  Sometimes when troubleshooting you need a combination of unusual techniques to finally solve your problem.

Actually, the main benefit of knowing this method is to make sure that you deactivate the special built-in local administrator account.  To achieve this try:

Net user administrator /active:no.

How to Check Windows Server 2008's Local User Accounts

Checking the Local User accounts is a useful task in itself, but it comes into its own where you need to troubleshoot whether accounts are active, or not.  In a nutshell, if you type /active:yes the account should display in the GUI.  If you type /active:no, the account disappears from view.

This is where you can configure Windows Server 2008 local as opposed to domain accounts.  Click on the Start button, Control Panel and select --> User Accounts:

Trap: Before you can make ANY changes to ANY account, you must make sure that this box is ticked:
'Users must enter a user name and password to use this computer'.   See screenshot below (Taken from Vista).

If you do deactivate the local administrator, then you simply won't see the account listed in the User Accounts menu in the Control Panel.

Summary of Activating the Local Administrator

One reason to activate the hidden Vista Administrator account is for logging on locally when you are troubleshooting.  The procedure is straightforward, just launch the cmd prompt and type:
Net user administrator /active:yes.  

The only trap is that you require a complex password so that you need to add a password to the command string thus
Net user administrator Belcome01!
Net user administrator /active:yes

No comments:

Windows 2008 Resources and Development

Windows 2008 Resources and Development
Windows 2008