Offline enable the Windows 8 built-in administrator account

Like in previous Windows versions, the built-in administrator account is disabled by default in Windows 8. You can easily enable it in Windows 8 with the command net user administrator /active:yes from a command prompt with admin privileges. However, if you are locked out of your computer, for example because you forgot your password, you need to enable the administrator account offline—that is, from a second Windows instance—to be able to log on with administrator rights.

Michael PietroforteMVP By Michael Pietroforte - Thu, March 14, 2013 - 3 comments google+ icon

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

Articles in this series

Reset Windows password

In this post, I describe two procedures to offline enable the built-in administrator account in Windows 8. Which one you prefer is a matter of taste. In the first guide, you need to replace a Windows command, which might not be everybody’s thing. The second method involves offline editing of the Windows Registry, which I only recommend for experienced users or admins.

Offline enable the built-in Windows 8 administrator account

  1. Boot from the Windows 8 boot media.
  2. After Windows 8 setup started press SHIFT+F10 to access a command prompt.
    Windows 8 setup - Command prompt
  3. Type copy /y d:\windows\system32\cmd.exe d:\windows\system32\sethc.exe.
    Replace the cmd.exe
  4. Remove the boot media and restart Windows 8.
  5. At the login screen, hit the SHIFT key five times until the command prompt appears.
  6. Type net user administrator /active:yes. This enables the built-in administrator account in Windows 8.
    Enable built-in administrator account in Windows 8
  7. Reboot the computer. When the logon screen appears, click the arrow on the left.
  8. You should see now the Administrator account icon. You can log in without a password.
    Buit-in administrator

You have now full access to the Windows 8 computer. Secure the data for the Microsoft account for which you lost the password and create a new account. After you are done, I strongly recommend disabling the administrator account again: net user administrator /active:no.

Enable the built-in administrator account in the Registry

  1. Boot from the Windows 8 boot media.
  2. After Windows 8 setup started press SHIFT+F10 to access a command prompt.
  3. Type regedit and click HKEY_LOCAL_MACHINE.
    regedit
  4. Click the File menu and then Load Hive.
    Load Hive
  5. Load the SAM file from D:\windows\system32\config.
    Load SAM
  6. Enter a key name (for example, myKey).
    myKey
  7. Navigate to HKEY_LOCAL_MACHINE\myKey\SAM\Domains\Users\000001F4.
    Registry hive for built-in administrator account
  8. Right-click the F key and select Modify.
    Modify built-in administrator
  9. Navigate to position 0038 right before the value 11.
  10. Press DEL, type 10, and click OK.
    Enable built-in administrator account
  11. Click the myKey hive, click the File menu, click Unload Hive, and confirm the unloading of the hive.
    Unload Hive

The result is the same as with method 1. After you reboot, you can log on with the administrator account; no password is required. To disable the administrator account, type net user administrator /active:no at a command prompt with admin rights.

Series NavigationHow to reset a Microsoft account password (connected account) - FREE: NTPWEdit – Reset Windows 7 password

-1+1 - Rate this post
Loading ... Loading ...
Your question wasn't answered? Ask in the new 4sysops forum!

3 Comments- Leave a Reply

  1. Ian says:

    Nice!! This is exactly what my company ended up doing.

    The big issue in my experience has been getting the machine online. If you have no network connection, even if you change the Microsoft account password online at account.live.com, it won’t be able to sync back down. Admin account is great for that. And if something is actually broken, you can hit up the SettingsSync event log and see why!

    Great post Michael!! I hope people find it useful :)

  2. tom says:

    When I run regedit, it appears that “Load Hive” is disabled. Looks like Microsoft “fixed” this “security hole”. :}

  3. Ian, thanks!

    tom, this is not a security hole. You have to click on HKEY_LOCAL_MACHINE first to enable Load Hive.

===Leave a Comment===

Login

Lost your password?