No administrators on the machine except Administrator, whoops
Hi guys, on a scale of 1-10 how stuffed am I?
Building a laptop with Windows 7, and we're only tentatively dipping our toes into the Windows 7 waters at the moment, so still got a lot to learn. I'm applying my XP knowledge to this brave new world, and getting my fingers burnt.
In XP, we'd have two users on the machine - Administrator, and User. User is a member of the Users group, whilst of course Administrator is a member of the Administrators group. AutoAdminLogon is set to log the machine in automatically as User (after the Novell login has happened), and when we need to do administrative stuff on the machine we do a RunAs on Computer Management, launch it as Administrator, and add User to the Administrators group.
Now, I came to replicate this procedure on Windows 7. I have successfully made User a member of the Users group instead of Administrators, and that's fine. However, the problem comes when I need to add them back to the Administrators group. It won't let me do a RunAs Administrator. It says there's some kind of policy in place to disallow that.
We don't have an Active Directory, we're not using any kind of Group Policy, so this must be a default Local Policy.
So, my problem is that the only user on the machine that's a member of the Administrators group is Administrator, and I can't log in as Administrator.
I've tried in Safe Mode and that didn't help. The Administrator account definitely has a password set, and the prompts that appear say 'to continue, type an administrator password, and then click Yes'. Well, there's nowhere to type a password, and Yes is greyed out.
Does anyone have any suggestions please, or am I going to have to wipe the machine and start again?
Well, maybe things didn't go quite as well as I'd hoped.
When I came to demote User again, Windows refused. Although it was showing as being a member of the Administrators group, different parts of the OS couldn't agree on whether the user really was or wasn't an Administrator.
This tallies with the warnings given by NTPassWd, so although this utility is great as a last-resort to restoring access, don't expect everything to be smelling of roses once it's done its work.
I couldn't demote the account, I couldn't even delete the account.
I've ended up reinstalling the OS after all. And this time, I'll be sure that the Administrator account is NOT disabled!
Why do you need to do the runas stuff anyway, anything that requires admin privilages should trigger a UAC prompt and ask for elevation anyway, at this point you could just use the local admin account credentials to run whatever needed running unless you have turned off UAC for some reason.