When working at a computer, situations quite often arise when it is necessary to perform actions in the operating system that require exclusive rights. For this purpose, there is a special account called “Administrator”. In this article we will talk about how to enable it and log in using it.

In all versions of Windows, starting from XP, there is an “Administrator” in the list of users, but this “account” is disabled by default for security reasons. This is due to the fact that when working in this account, maximum rights are enabled to change settings and work with the file system and registry. In order to activate it, you need to perform a number of actions. Next, we'll figure out how to do this in different editions of Windows.

Windows 10

The Administrator account can be activated in two ways - through the Computer Management snap-in and using the Windows console.

Method 1: Computer Control

Method 2: Command Line

To log into Windows under this account, press the key combination CTRL+ALT+DELETE and in the menu that opens select the item "Go out".

After exiting, click on the lock screen and in the lower left corner we see our enabled user. To log in, just select it in the list and perform the standard login procedure.

Windows 8

The methods for enabling the Administrator account are exactly the same as in Windows 10 – snap-in "Computer Management" And "Command line". To enter you need to right-click on the menu "Start", move the cursor over the item "Shut down or log out" and then select "Exit".

After exiting and clicking and unlocking the screen, tiles with user names, including the Administrator, will appear. Login is also carried out in the standard way.

Windows 7

The procedure for activating the “Administrator” in the “seven” is not original. The necessary steps are performed in the same way with newer systems. To use your account you must log out through the menu "Start".

On the welcome screen we will see all users whose accounts are currently activated. Select “Administrator” and log in.

Windows XP

Enabling the Administrator account in XP follows the same scenario as in previous cases, but logging in is a little more complicated.

1. Open the menu "Start" and move on to "Control Panels".

   

2. Double click on the section "User accounts".

   

3. Follow the link "Changing User Logins".

   

4. Here we put both checkboxes and click "Applying settings".

   

5. Go to the Start menu again and click "Sign Out".

   

6. Press the button "Change user".

   

7. After logging out, we see that it is possible to access the Administrator’s “account”.

   

Conclusion

Today we learned how to activate a user with the name “Administrator” and log in to the system under it. Please be aware that this account has exclusive rights and is not safe to use at all times. Any attacker or virus that gains access to the computer will have the same rights, which is fraught with dire consequences. If you needed to perform the steps described in this article, then after completing the necessary work, switch to a regular user. This simple rule will allow you to save files, settings and personal data in the event of a possible attack.

Article content:

In any enterprise in which computers/software are maintained by adequate people, ordinary computer users do not have any administrative rights behind them, which significantly reduces the risk of deleting important system files, installing incomprehensible software and other wonders. However, some programs stubbornly refuse to work without administrator rights - and what to do if there is no desire to give the user computer administrator rights, but there is a need to run the application?

The article will discuss how to provide an ordinary user with the opportunity to run an application, and not give him administrator rights on the computer.

We will talk about two methods - more or less secure (Issuing rights to the folder with the program), and less secure (the method using the RunAs program).

Granting rights to the program folder Often, a program requires administrator rights to carry out any operations with files in its folder - for example, a certain Program needs to write data to its configuration file in the folder where it is installed (let's say this directory C:\Program Files (x86)\Programma

1. ). You can try to give the necessary users full rights to this folder. This is done as follows: Right-click on the folder and open
2. Properties In Properties you need to open the tab.
3. Safety Depending on your computer settings, it may display either " Add ", or " Change Depending on your computer settings, it may display either "". In the first case, you need to press the button " ", or "", in the second - " Depending on your computer settings, it may display either "", after which you will most likely need to enter the administrator account information. After this, a window with a button will appear.
4. ", which you will need to press. Depending on your computer settings, it may display either " After pressing the " "Add all the necessary users. To check that the user name is entered correctly, you can use the button"".
5. Check names Then we give full rights to the added user - to do this you need to check the " Permissions for.... ", paragraph "".

Full rights

Running the program under an administrator account from a regular user account

The RunAs program, which comes with Windows, is suitable for this purpose. For ease of use, the easiest way is to create a cmd file in which you should place the following:

C:\WINDOWS\system32\runas.exe /user:\ /SAVECRED

Today, despite the large number of versions of operating systems that Microsoft produces under the Windows brand, including Windows 7, Windows Vista and subsequent versions, the Windows XP version remains popular among personal computer users. Despite the fact that this version was released back in 2001, according to the majority of active users, it is the most convenient and functional of the entire existing line. Over twelve years of active use, this version has been slightly modernized and adapted to modern network parameters, as well as modern computer equipment.

The developers of Windows XP paid great attention to the issue of administration and data protection. Since this version of the operating system was developed for office and home use, it was envisaged that the PC administrator account would have much more capabilities than the average computer user. To protect the operating system from unauthorized entry, as well as to protect data, it was provided that each account would have a security system in the form of a login and password. In addition, the creators of this version of the operating system provided that the administrator, at his discretion, can change passwords for other user accounts on the computer.

In order to log in to WindowsXP as an administrator, you need to have this right. If you are a computer administrator, then it is natural that you know the username and password to log in. When you turn on the PC, the operating system, which has several users, will offer several accounts to choose from, one of which will be the administrator. If you have rights and know the password, logging in will not be an insurmountable problem for you.

In case you urgently need to log into an administrator account and you are in a user account, you need to log out of their system first. There are several ways to carry out this manipulation. The first, most understandable for inexperienced users, is to click the start menu, where you should click the “Log off” button, and after a successful logout, you can select the administrator account you need. Besides this, there is another way. When you press Ctrl+Alt+Del, the Task Manager dialog box pops up. By clicking on the dialog box, you must select “End session” or “Change user” of your choice. After this, you will go to the Windows XP start page, where you can select the required Administrator account and log in. The fastest and most convenient way to change user is to press WinKey+L. Thanks to this command, Windows XP will redirect you to the start page in a matter of seconds, where you can select the “administrator” account and log in under this account.

Requirements.
The article is applicable for Windows XP.

Information
Typically, if you have multiple accounts on your computer with local administrator rights, Windows will automatically hide the built-in Administrator account. But there may be a need to log into Windows using this account. This can be done in three ways, and the choice of method depends on the settings of your system.

Method No. 1. If you are using the Welcome screen.
1. Wait for the " Greetings", where you will be asked to select the desired account from the list;
2. Hold down two buttons “Ctrl” and “Alt” on the keyboard, without releasing the pressed buttons, press the “Del” button on the keyboard twice;
3. The screen should display the " Login to Windows" with two fields "User", "Password" and three buttons "OK", "Cancel", "Options >>";
4. In the "User" field, enter Administrator and password (if you have one) and click "OK";

If you log into Windows automatically, i.e. If you are not prompted for a username and password, then follow these steps:

Ending a session <имя Вашего пользователя> ";
3. In the "Exit Windows" window, click the " Exit". We draw your attention once again "Exit" button;

4. Wait until the session ends and the " Greetings";
5. Then follow steps 2 - 4 indicated in method No. 1;

Method No. 2. If you are not using the Welcome screen.
If you do not use the "Welcome" screen, but instead it opens " Login to Windows", in which there are two fields "User", "Password" and three buttons "OK", "Cancel", "Options >>", then:
1. In the "User" field, enter Administrator
2. In the "Password" field, enter the password (if you have one) and click the "OK" button;

If you log into Windows automatically, i.e. If you are not prompted for a username and password, then follow these steps:
1. Wait for the desktop to load;
2. Click the "Start" button and select " Completing work...";
3. In the window " Shutting down Windows", in the "Select the desired action" field, select " Ending a session <имя Вашего пользователя> " and click "OK";
4. Then follow the steps indicated in method No. 2;

Method number 3. Using safe mode.
1. Turn on your computer;
2. As soon as letters and/or numbers appear on the screen, periodically (2 times per second) press the “F8” button on the keyboard;
3. A menu should appear on the screen. In this menu, select " Safe mode";
4. If a window appears asking you to click "Yes" or "No", click the " button Yes";
5. The “Administrator” account will appear automatically, all you have to do is select it and enter the password (if you have one);

Greetings, dear readers.

Today I would like to talk to you about a simple - in some ways even banal - but very pressing problem of many Russian citizens - about obtaining local administrator rights in Windows systems. As is known, they are terribly necessary for ordinary representatives of the proletariat at their workplaces to fulfill a wide variety of desires. I won’t dwell on the advantages that admin rights provide: everyone who comes into contact with a computer at work knows this well. And I'll stop on something else...

In particular, on how to get local administrator rights, initially having a user with limited privileges. Among other things, the issue of resetting user passwords will be discussed. We will look at several of the most convenient and simple approaches that work quite well on all systems from Win XP to Win 10.

Method No. 1 (brutal).

Its essence is to boot the computer from some external media - in common parlance just a LiveCD. How to do this?

Step 1. Burn a LiveCD.

LiveCD is a CD/DVD disk, flash drive (most convenient) or other USB drive on which a greatly reduced version of our operating system is installed, i.e. WIN 7/8. Making such a disk is not difficult. Just download the WIndows PE or ERD Commander assembly. The first is a stripped-down version of WIn 7 (PE - pre-installation evironment) with broad functionality for restoring an already broken system (in case of a terrible virus infection, low-level failures, or severe forgetfulness of the owner of the admin accounts :)). You can read more about them and. So, download the WinPE or ERD Commander image and write it to a disk or flash drive. Everyone knows how to make a boot disk. But writing a disk image to a USB drive is not as easy as it seems. You can read about how to create a bootable USB flash drive, for example, in this article.

Step 2. Boot from LiveCD.

So, the flash drive has been created. Now let's boot from it. To do this, we may need to enter the BIOS settings and change the boot order of the drives there. Of course, you first need to turn off the computer, then plug in the USB flash drive, then turn it on and enter the BIOS. You will be very lucky if you are not asked for your password when you log in. If they ask, things are bad: this means that your employer is not such a fool as you thought. But I hasten to console you: in 99% of cases there is no password on the BIOS, and you can easily put your flash drive first on the BOOT boot list. And if you're lucky, she'll be there first. Next, we simply save the parameters, reboot and observe the loading process of WIndows PE.

Step 3. Modify the registry from the outside.

So, we booted from external media and we see something like this window.

The window can be different: a simple desktop and a regular Start button. This depends on your specific build of Windows PE. By the way, there is also Windows RE (Recovery environment). It will also be suitable for our purposes. It is only important that it has the ability to launch the command line (cmd) and the ability to work with an external registry. And these two features are available in almost any build of win PE / RE / ERD Commander. So, we saw the start window (fortunately, we are not asked for any passwords here). Next, press Command prompt (if the window is like the one in the picture) or the Win+R combination and enter cmd. In the console that appears, enter regedit. Press Enter and get the registry window. Now go to HKEY_LOCAL_MACHINE (hereinafter referred to as HKLM) and go to File => Load hive.

Next, in the dialog box that opens, look for the disk with our real system (in which we want to gain local administrator rights) and look for the file<диск>:\Windows\System32\config\SYSTEM. Click "Open" and enter any name of the bush. For example, test. As a result, in HKLM we have a new element - test - this is a segment of the registry (one of the branches we need) of our desired system. We can change it as we please and save it back into the desired system, which gives us simply unlimited possibilities just for our imagination. :)

Now go to the test directory Setup, change the CmdLine parameter there: put “cmd.exe” there. We also change the SetupType parameter to 2 (by default it is 0). This will allow the system to think when loading that the first startup is now taking place and therefore it is necessary to do what is indicated in the CmdLine (usually the path for installing low-level drivers at the OS boot stage is indicated there), i.e. - in our case, the console will start with SYSTEM rights, which is not just buzz - it’s everything we could dream of (of course, not domain administrator rights, but still).

Now select test and click File => Unload hive. That's it, the registry in the victim system is updated. Now we're reloading.

Step 4. Reset the local admin password.

During the reboot process, go into the BIOS and change all BOOT parameters to the same ones. Next, during the OS boot process, you will see a console window labeled SYSTEM. In it you can do whatever you want with your OS. You can create a new user, you can reset the password for an existing one, you can edit the Administrators group, etc.

Let's take the simplest route - make the local admin user active and reset his password.

So, we execute: net user and see a list of all local users of the system. This is buzz. From them, using the method of straining the intellect, we select the one who, according to the logic of things, should be a local administrator. If users like Administrator, Administrator, Admin are not in the list (sometimes evil system administrators rename them, thinking that this will make the system safer: how naive :)), then there is another way: net localgroup - a list of groups. There will definitely be either Administrators or Administrators. Next, write net localgroup Administrators (if there were Administrators in the list of groups, otherwise - Administrators). And we see a list of user admins.

Now let's do a simple set:

net user Administrator Newpass - change the password for the Administrator user (you may have your own) to Newpass.

net user Administrator /active:yes - make the admin user active (unblocked, because they are often blocked).

That's all. This method is not good because you change the password and unblock the local admin, and this fact can be easily calculated by our worst enemies - system administrators. Therefore, you can do it differently:

net user superuser Superpass / add - create a user superuser.

net localgroup Administrators Superuser /add - place superuser in the local admin group.

The good thing about this method is that later, after booting up with this user, you can easily place your domain user in the Administrators group, and then delete the temporarily created account.

So, we have created or reset the password for the admin user. We booted from it, but don’t work under it all the time: the risk is not just great - it is phenomenally huge. There are two ways: you can work from an account with limited rights, periodically using such a thing as “Run as”. Or you can simply place your domain user in the administrators group. I think there is no need to explain to anyone how to do this (in cmd we execute compmgmt.msc, go to managing local users and groups, then to Groups and there we edit the admin group in a beautiful graphical interface).

But after all these manipulations, I strongly recommend clearing the event log: in cmd, execute eventvwr.msc, then go through all the logs and click clear on the right. As a result, all traces will be destroyed. It is better to do this under the account of a new (created) local admin, which has already been deleted (i.e. it is not in the system, but you are still logged in under it), and after the actions, reboot in a hard way: through the magic reset button (user-admin in this case will already be destroyed). As a result, there will be a record in the locks that such and such a user has erased everything, but there will be nothing more about this user: neither his inputs and outputs, nor other actions, nor even his deletion by someone, i.e. phantom user. In the event of a thorough investigation of any incidents that occur with your participation, this may well save your fate. :)

Of course, there is an even more reliable way: the system logs, so that there is no record of when and who cleaned them, you can simply destroy them, so that they do not start at all. In a simple version, to do this, just delete the log viewer itself: eventvwr.msc, located in the directory :\windows\system32, however, this will have to be done either under the same LiveCD, or using the console with SYSTEM rights (how to get it is described in method 2 below). But the viewer can be restored if you really want to (although few people will do this anymore, and if you are not going to hack banks from this computer, then you don’t have to worry about problems). In this article I won’t talk about how to destroy the log database itself (those who might really need it know how to do it themselves :)).

Method No. 2 (replacing seth.exe).

This method, in fact, differs little from the previous one. Steps 1-3 of the first method are completely repeated. By the way, in this case, it is quite possible to use a standard installation disk / installation flash drive from Windows 7/8/10 as a LiveCD, selecting the “Restore system functionality” option after booting from it (since now we will not have to work with the registry). But in step 4, when we receive the console, we do not reset passwords or create new users, but do this:

copy<диск>:\windows\system32\sethc.exe seth2.exe - make a backup copy of the original file of the standard sticky key function seth.exe.

copy<диск>:\windows\system32\cmd.exe c:\windows\system32\sethc.exe - then we confirm the replacement. Replace the original seth with the command line (cmd). Do you smell what it smells like? :)

Now after booting the system - at any stage when you want, starting from the login screen, you can call the console with SYSTEM rights, which is very good. Just quickly press Shift 5 times in a row and that’s it.

And then at least change the password, at least create users, at least clean the logs, at least copy the SAM databases (for subsequent brute force (brute force search and recognition) of current user passwords), or anything else that you have enough imagination for, but do all this I don’t recommend it, because the point here is different. The advantage of this approach is that you do not change any passwords, do not create any new users, but simply call the system console when you really need the rights, and use it to launch anything that is required.

With this approach, there will be absolutely no mention of your activity in the system logs.. Sometimes you may encounter the launch of strange applications/installers, etc., for which your domain account does not seem to have rights, but you really do not have rights and never have had them. :) And all suspicious launches occurred under the name of the system (SYSTEM), so you remain absolutely clean.

Conclusion

Here, in fact, are two main approaches that, among all others, I happened to use in my ordinary practice. They are quite suitable for the purpose of making life easier at work by removing various kinds of restrictions that modern employers love so much. The main thing is not to show others that you can and do not use these rights unless really necessary.

But if you want more - for example, domain administrator rights or want to get into the accounting department of your company, then completely different approaches are needed. When operating on your machine as your domain or local user, you are in any case at risk, because you are working with the network from your computer, and all packets sent by you are strictly recorded in the logs of the firewall and/or SIEM system, so some caution should be observed. To maintain anonymity in this case, unfortunately, it is not enough to clean or destroy local logs: you will still be identified very quickly.

About how to ensure anonymity of the highest category, as well as more advanced and accurate ways to obtain admin rights, including ways to obtain domain admin rights, I talked about in my recently published course on personal information security.

Sincerely, Lysyak A.S.