If you log on with the built-in administrator account or a domain administrator account on a Windows 10 computer, you won’t be able to run Microsoft Edge. In this post, I will explain why this is the case and how you can open Edge and all Windows (modern) apps with the administrator account.

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.

Once upon a time, an administrator was the unchallenged ruler on a Windows computer. An administrator account had no restrictions whatsoever. These times are over. Nowadays, an administrator is not even allowed to do what every standard user can do—that is, open common apps such as Microsoft Edge. This is how far the security paranoia of recent years has brought us. Okay, as usual, I am exaggerating. But error messages like the one below don’t really make sense to me.

If you try to run Edge with a domain administrator account, you will be greeted by Microsoft’s new browser in a Spartan way:

Microsoft Edge - This app can’t be opened

Error message: This app can’t open. Microsoft Edge can’t be opened using the Built-in Administrator account. Sign in with a different account and try again.

This error message is actually not telling the truth. Microsoft Edge can be opened using the built-in administrator account, and there is no need to sign in with a different account and “try again.” If you are willing to jump through a few hoops, Edge runs fine with the built-in administrator account.

Some how-to bloggers who covered this topic tell you this Windows feature is actually a good thing. Running a web browser as an administrator is a no-no. The unbearable Internet Explorer Enhanced Security on Windows Server comes to mind.

However, this is not what this “feature” is all about. If you feel like it, you can run Internet Explorer (which most likely is less secure than Edge) with the built-in administrator account on a Windows 10 machine without being troubled. No, this odd behavior is just a consequence of the poorly designed User Account Control (UAC).

The problem already existed on Windows 8. By default, the built-in administrator cannot execute modern apps. The reason that many admins are now stumbling across this error message is because Edge is the first modern app that will actually be used by a wide range of users simply because it is the default web browser on Windows 10.

Actually, if you completely disable UAC, no one will be able to run these colorful toy applications. Note that you can’t completely disable UAC through the Control Panel. With the setting Never notify, UAC is still active.

To turn off all UAC settings, you have to disable the security policy User Account Control: Run all administrators in Admin Approval Mode (Computer Configuration > Policies > Windows Settings > Security > Security Options).

Completely disabling UAC

Completely disabling UAC

If you are looking for a bulletproof method that ensures that no user can run modern apps, this is one way to do it.

Message indicating that app can’t open while User Account Control is turned off

Message indicating that app can’t open while User Account Control is turned off

If you completely disable UAC, a user in the administrators group will run all applications with an administrator access token (elevated). You can verify that by opening Notepad the common way (no need to run it as an administrator) and save a file in C:\Windows. With the default settings, administrators can’t do that because common applications will be executed with a standard user access token.

We are now getting closer to the real problem. The built-in administrator account essentially runs with all UAC settings disabled. That is, all applications are executed with full admin privileges without the UAC prompt, and this would also apply to all modern apps.

In a world without security paranoia, we would trust our administrator to be careful enough not to run insecure Windows apps from the Store that install the latest computer worm on the Windows computer through a security hole that a Microsoft engineer left behind. However, because many admins don’t really know what they are doing, a popup prompt has to save the careless geek.

Thus, if you enable the policy User Account Control: Admin Approval Mode for the Built-in Administrator account (Computer Configuration > Policies > Windows Settings > Security > Security Options), the built-in administrator account can run Edge and all other Windows apps because the UAC popup now ensures that everything is perfectly secure. (Make sure you reboot the computer after you change the UAC settings.) The consequence is that, from now on, Windows will present a UAC prompt whenever you run applications that require elevation (regedit.exe, for instance).

Enabling Admin Approval Mode for the built-in administrator account

Enabling Admin Approval Mode for the built-in administrator account

However, many admins like to log on with the domain administrator account, just so UAC prompts won’t get on their nerves. The good news is that you can turn off these UAC prompts even if Admin Approval Mode is enabled, if you now set UAC in the Control Panel to Never notify.

Setting UAC to never notify

Setting UAC to never notify

However, the difference in the default configuration is that not all applications will be executed with administrator rights automatically. For instance, if you want to edit a file in the Windows folder, you now have to launch Notepad as an administrator (right-click).

Win the monthly 4sysops member prize for IT pros

Share
2+

Users who have LIKED this post:

  • avatar

Related Posts

94 Comments
  1. Andre 2 years ago

    Hi Michael

    As group policy is not available in Windows 10 Home.
    I did some registry changes instead.

    1) Different solution without disabling UAC:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1

    Also this method, from the following website
    http://www.askvg.com/tip-disable-microsoft-account-sign-in-requirement-in-windows-8-1-store-apps/

    Use Method 2.

    It's about Windows 8, but I can confirm, that apps open up in the admin profile.

    Regards

    3+

    • Ankush 1 year ago

      Hey Andre!

      Your method worked for me in Windows 10. I couldn't run any damn app on the Home license. Followed your steps. I had to create the DWORD (32-bit) value for 'FilterAdministratorToken' and put the value 1. Restarted and it worked! Thanks so much, brother.

      4+

      • Max 12 months ago

        Ankush -- your extra details make Andre's regedit work. -- Thanks

        5+

        Users who have LIKED this comment:

        • avatar
      • Andrew 3 months ago

        Thanks to both Michael and Andre. Great info. I sort of get why they might want to restrict edge but doing so to ALL metro apps on the Administrator account is overkill, and it's not just the "built in" account as the message states, it does this when I'm logged in using my domain Administrator account. The final straw was when I could not even look at Windows defender when logged in as Admin, the info in this article and it's comments helped me fix that.

        0

        • Author
          Michael Pietroforte 3 months ago

          It is not only overkill, it also shows that the entire concept has not been thought through. If those modern apps are supposed to replace desktop applications in the long run, how will ever be able to run management apps? Or is Microsoft seriously considering to continue with this hodgepodge of apps?

          2+

    • Jace Sheppard 1 year ago

      Thanks.  That worked for me, also.

      0

    • Kat 1 year ago

      Thaaaaaank you! So many people claimed to have a solution but never explained it in detail so my problem was never solved. Your explanation was comprehensive so, again thanx!

      0

    • user 11 months ago

      Best Answer

      0

  2. Michael Pietroforte 2 years ago

    Andre, thanks! You right, you can't use Group Policy editor on Windows 10 Home. But I think the article you linked is about another topic. It is about using Windows apps without Microsoft account.

    0

  3. Andre 2 years ago

    Michael, Yes, but these tweaks, allow me to run Edge, in the built in admin account.
    I'd post a screenshot, but no can do.

    0

  4. John W 2 years ago

    Hi Andre, what should I do if these tweaks still don't work for me? I still get the same #$%@! error message about not being able to run MS Edge using Built-In Administrator account. Running latest version of Win 10 Pro, Build 10586.14. I noticed that lowering the access level to "User" does allow an account to run MS Edge. But Administrator or Power User doesn't. Thanks.

    0

  5. John W 2 years ago

    Hi Andre, please ignore/delete my earlier message. For some unknown reason, after multiple reboots MS Edge is now running for user accounts set to Administrator.

    0

  6. John W 2 years ago

    Sorry, spoke too soon, still having the same trouble with MS Edge (after rebooting) as explained in my first message.

    0

  7. Marek 2 years ago

    If your system doesn't have the "Group Policy Management Console" aka gpmc.msc (my Win10 Pro doesn't), you can use "Local Security Policy" aka secpol.msc and navigate to Security Settings - Local Policies - Security Options.

    However what saddens me that there seems to be no way to run all apps as admin by default, including Metro apps (Edge, Settings) and without a prompt.

    0

    • Mark 1 year ago

      The msc for the Local Group Policy Editor, which is available in Win 10 Pro, is gpedit.msc

      0

  8. joe 2 years ago

    I need to leave uac disabled in order to run one of my software programs. How do i go about opening edge and other apps, Do I have to make another user account?

    Joe

    0

  9. Author
    Michael Pietroforte 2 years ago

    joe, did you try to run this application in compatibility mode with UAC turned on?

    0

  10. Joe 2 years ago

    yes, Does not work.

    thanks

    0

  11. Arun 2 years ago

    Same as Joe. It doesn't work even for me. Caught in a loop. If I disable UAC, my application works but builtin apps fail. If I enable UAC, builtin apps work but my application doesn't. 🙁

    3+

  12. Author
    Michael Pietroforte 2 years ago

    @Joe, Arun

    I guess the application requires administrator rights? One thing you should seriously consider is to replace this application with a new one that supports UAC.

    0

  13. Bob R 1 year ago

    I couldn't get anything to work.. fingerprint scanner... apps, Edge... then realized that I was logged in with my mobile Microsoft account!!! I logged out of that.. and into my Home account.. BAM!!!!  EVERYTHING works!!!!.. apps, fingerprint scanner, Edge... so before you go and try all these registry edits and policy changes... make sure you are logged in to your computer with your HOME account...

     

    0

  14. LE 1 year ago

    Okay, I read everything....made sense.  Tried to go to the Editor, but I can't as an administrator.  Tried to create another account, but I can't do that either.  So, now a relatively easy and logical fix becomes another frustration.  Any ideas?

    0

    • Author

      If you can't create a new user account, you are probably not logged on with an administrator account.

      0

      • LE 1 year ago

        I only have an administrator account on this laptop.  When I try to create a new user account, I also get the message that I cannot open this app as an administrator and to create a new user account.  Locked in the loop.

        0

        • Author

          You have to use the desktop app to create a new user account. Right-click Start and then run Computer Management.

          0

  15. LE 1 year ago

    Under Comp Management, there is nothing like 'Local Users and Groups' as an option to create a new user.  Am I missing something simple here?  I have searched for all the files and so far no success.  I do appreciate your patience.

    0

    • Author

      Right-click the Users folder. You should then see "New User" in the context menu.

      0

  16. LE 1 year ago

    This is quote from another user with my problem: "Just converted from 8.1 to 10 and cannot enable guest or other users. Tried all suggestions I found from searching internet and none work. Seem like I need to get at local users and groups in computer management but they don't show up as a menu item. Some info I've seen says I need to run gpedit.msc, but that is not in Win 10 home version.... Got to be a way to get them back. Control panel/users only shows my account."  

    0

  17. LE 1 year ago

    There is absolutely nothing with the word User or anything close to right click on....it simply does not exist.  There is no category for either User or Groups....nothing.

    0

  18. LE 1 year ago

    Menu for Comp Management:  System Tools >Task Scheduler, Event Viewer, Shared Folders, Performance, Device Manager.  Storage >Disk Management. Services and Applications >Services, WMI Control, Message Queuing.

    0

    • Author

      Yes, the Home edition doesn't have the user management feature in the Computer Management app. In that case you have to add a new user on the command prompt: Right-click Start and select Command Prompt (Admin). Then you can add a new user with this command:

      net user username password /add

      To add this user to the Administrators group, you need this command:

      net localgroup administrators username /add

      0

  19. LE 1 year ago

    Thank you.  It seems the Home Edition is not very user friendly compared to the Pro version, which  is 'buggy' in it's own right.  I hope MS decides to construct a fix for these problems.  I now have a local user account, but it feels like a 'bandaid' and not a true 'fix.'

    0

  20. Serhat 1 year ago

    Thank you andre

    I was looking for a solution without disabling UAC.

    Your solution "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1"  solved my problem. Thank you I'll write it down to use in every machine.

    0

  21. Ryan 1 year ago

    Hey Folks, So here is my situation:

    Computer is on domain
    I have a test user account (not set admin anywhere), lets call it Test
    I have a Local Admin on the domain account, Lets call it Ladmin
    I have Windows 10 installed on this machine
    I have User Account Control: Admin Approval Mode for the Built-in Administrator account Set to Enabled

    With Ladmin, I cannot run Edge. I cannot run Calc.exe.

    With Test, I can run Edge, I can run Calc.exe.

    If I set Test to admin using Users and Groups on the local machine, it can no longer run edge nor calc.exe.

    Help?

    0

    • Ryan 1 year ago

      Also a Note: I did the regedit change mentioned above

       

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1

      0

      • Ryan 1 year ago

        Ok, for some reason (separate issue i guess) UAC keeps turning off automatically. I thought I had resolved that already.

         

        One I turned UAC back on, it now works.

        0

  22. Andrew Budzinski 1 year ago

    First, thanks so much for the explanation and fix! Before these changes, I couldn't open edge, the OneNote Windows app or anything, now everything opens fine.

    But... I was just wondering what would  happen if I disabled "User Account Control: Admin approval Mode..." So I disabled it and restarted. Guess what, everything still opens and works fine. While i'm okay with this, I am wondering why it's possible?

    Something I did notice, when I went to enable UAC:Admin...  the first time, it WASN'T disabled by default. In fact, neither of the circles were selected. Now that I have selected one of the options, there's no way to go back an select neither. Just wondering if anyone else has encountered this behavior.

    0

  23. Rob 1 year ago

    Woot. between the main article and the first few comments, I was able to get this issue resolved.

    Thanks folks!

    0

  24. MikeG 1 year ago

    I hate to be a party-pooper but if someone could round up all the trials that did not works and the ones that did and distill it down to a single sure fire method to fix Windows 10 Pro I would appreciate it.  I got lost after the 3rd or 4th effort to do something that also did not work?

    UAC is on never notify but that is the only thing I went through after reading to the 8th post I figured better wait for the final judgement call.  🙂

    0

  25. nurul 1 year ago

    thanks. my problem was solved.

    0

  26. Chris 1 year ago

    Hi, I cannot make this work in Win 10 Pro. I have Never Notify set in UAC, then the appropriate disable/enable policies through gpedit.msc.  I have placed a photo on my company's website so you can view what settings are present in gpedit.msc:

    http://cleanscape.net/stellar/images/uac.jpg

    Would appreciate your review and suggestions.

    0

    • Author

      Chris, did you reboot the computer after you changed the UAC settings? I forgot to mention this in the blog post. I just added this now.

      0

      • Chris 1 year ago

        I did, without success.  Another symptom, which I don't know would help isolate the issue, is that I got a similar message when I tried to install a new "app" (this is a desktop, geez Microsoft) to handle LaTeX (.tex) files. Thanks again!

        0

        • Author

          Do you have this problem with the built-in administrator account or with a normal account with admin rights?

          1+

  27. Chris 1 year ago

    It is the builtin account. Actually, I have found the problem, because your mention of the Registry in the blog reminded me: I have disabled UAC through the Registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, EnableLUA=0).

    This caused no side effects in Win7, but does cause the symptoms I'm describing, plus it even disables the GAMES that come with Win10!

    When I set the value to 1, everything works as you describe. However, I find I have to leave it off (and why I turned it off in the first place), because anything that has administrative privileges in the Startup folder WILL NOT LOAD.  I have an administrative cmd prompt, the goscreen virtual display manager, the Hot Keyboard macro utility, and others. These programs all seem to need administrative mode to run properly, and Win10 seems to think it's helping me out by not loading them for me.

    Unless/until the programs I use are updated to be 100% compatible with Win10, I guess I have to leave it off.  Or I could decide to create my own user account with admin privileges, but I'm takin' a stand - it's my machine and I want to run it like a boss with the builtin account, dammit 😉

    0

    • Chris 1 year ago

      PS #1: Sorry this is not a "reply" to your post, the browser glitched and erased my first attempt at the last reply, and so I started typing into the text box without realizing it had reset the text box as well.

      PS #2: When I went to get a LaTeX "app" in the "app store", there was no free app suggested by Microsoft to handle .tex files 🙁

      0

    • Author

      Maybe you just have to run these applications in compatibility mode or automatically run them as administrator: Right-click the application > select properties > go to the Compatibility tab.

      0

    • Leon Ogin 1 year ago

      I have the same problem; except I need EnableLUA=0 to allow drag-and-drop from file explorer into programs running as administrator.

      0

      • Chris 1 year ago

        Agreed, forgot about that! At least in Vista you could copy as path and paste it into the prompt, but I don't believe that works anymore either. For those of us that use the cmd prompt to speed up their daily operations, it's definitely a step backwards.

        In case this was solely an issue with the "built-in Administrator", I created a new user with admin privileges. With EnableLUA=0, I still got complaints about apps not available to the built-in administrator account - hello, it's not the built-in account anymore!

         

        So unless someone has magic workarounds (please publish them if you do!), withOUT EnableLUA=0, you can't
        - Drop executables into an elevated command prompt to start them
        - Start programs with "run as Administator" from the Startup folder

        However, WITH EnableLUA=0, you can't
        - Find "apps" from the Microsoft "Store" online
        - Play Win10 games (are they that vulnerable?)
        - Run Edge or any other modern app, as stated in the Michael's original blog post.

        Personally, I view all this as a weakness in Win10. To have important features that allow me to be as productive as I can, I have to disable protections that could be important behind the scenes!

        1+

  28. traveler 1 year ago

    Standard user can't install anything. Administrator can't open some files. Brilliant. What a POS.

    1+

  29. Erin 1 year ago

    Here's my problem. I have win10 home, and the problem is when I try to run an app from the windows store from any account, not the builtin administrator account, it says app can't open. I tried disabling UAC and reinabling it again, even setting the slider to always notify in control panel in the user accounts area. Still no luck. Tried making another account to run apps as a standard account. It worked fine. Then I changed it to anministrator account and had problems. Any help would be appreciated. Thanks!

    0

    • Author

      You mean whenever you add a standard account to the administrators group, this user can't open Windows apps? It is very likely that it is a UAC issue. What happens when you open a desktop app that requires admin privileges (like regedit). Do you see a UAC prompt?

      0

  30. Erin 1 year ago

    Yes, there is a UAC prompt. But I have the slider set to 0 and completely disabled UAC and still get this problem. I'm not sure what it is, is there something else I need to do in the home adision to get this fixed? I'm not all the good with registry and could really use more computer help as I'm not really all that good with them anyways

    0

  31. Juan 1 year ago

    Hi,

     

    Problem, no UAC, great can create documents on "C", however can't use W10 apps..., yes UAC, can use W10 apps, however can't creat on "C"... funny situation.. any suggetion?

    0

  32. Julie 1 year ago

    I have a windows 10 home 10586.494, bought it in april, edge worked fine until now, cant open using the built in administrator account error message, is there a way to fix this, if so can you explain it to me please, julie

    0

  33. Author

    Julie, as explained in the article, you have to modify the UAC settings. However, I recommend using a standard user account for browsing the web.

    0

  34. FazZzuR 1 year ago

    Thanks dude. I see many articles on that theme, but you only one who explain why is this happening.

    0

  35. Steve Norton 1 year ago

    Hi -

    I had modified the policy as you mentioned here, and all was fine... until the Win10 Anniversary update. The update has reverted my Domain Admin back to lowly user. Now, following these instructions [again] I cannot give my Admin account the elevated rights he needs. What did "they" change this time, and now how do I go about changing the policy to elevate the Admin again?

    Thanks.

    0

    • Author

      I just tried it now on Windows 10 1607 (Anniversary Update) and it worked. Are you sure that you configured the policy for the built-in administrator? I first made the mistake to configure Admin Approval Mode for all administrators and this doesn't work. To verify that UAC is configured correctly, you can launch Regedit with the local built-in administrator or with the built-in domain administrator account. If you see a UAC prompt,  UAC is configured correctly and you can also open Edge. If you don't see a UAC prompt, Admin Approval Mode is not enabled for the built-in administrator and you can't launch Edge.

      1+

  36. tablokar 1 year ago

    but my error is stable on win 10 !:(

    0

    • Author

      Carefully check your UAC settings as described in the article. Best way to test if your settings are correct, is to open regedit with the built-in administrator account. If you don't see a UAC prompt, you didn't configure UAC correctly.

      0

  37. Julie 1 year ago

    Once I move the slider down it will automatically move back to the top. If I go into the registry and change the value from 0 to 1 I will not have the drop n drag feature anymore.

    0

    • Author

      As mentioned in the article, moving the slider is not the solution to the problem. You have to enable the Admin Approval Mode for the Built-in Administrator account. What kind of drag and drop does not work anymore?

      0

  38. Asha 1 year ago

    here's my problem; I got my computer not too long ago and about after a week of getting it, it began to tell me that certain apps could not be opened with the built in admin account. I went to a place and they did a reset of the computer and it started working again however after a day of working properly it stopped working. I've been reading the comments , trying to do what everyone is saying however none of the solutions seem to be able to help me. for example for the solution with the HOTKEY , I connot find a Filter Adminisrator Token. for the one with the Command line IU, none of the commands work for me including the one that was recommended to me by the system. Whenever I go into my settings to create a new accound for it to be switched to, it does not open anything for me to do so. I would really like to find a way to fix this problem, PLEASE HELP ME!!!

     

    0

    • Alex 1 year ago

      You need to create the HOTKEY. Navigate to where it's suppose to be and then right click, select new-->DWORD (32bit) and name it FilterAdminisratorToken with a value of 1. Reboot, then you should be fine. 

      1+

  39. Alex 1 year ago

    For some reason, the instructions didn't work for me. My domain users were still getting the built-in administrator error. Even though we are running Windows 10 Pro, the registry hack for the Home addition worked! I used group policy to push it to my machines and now my clients can be admins of their machines and not have issues running programs, install/uninstall programs etc.

    0

    • Author

      Domain users, shouldn't see this error message even if they are in the domain admin group. You probably disabled UAC altogether. In that case, nobody can use Windows apps as described in the article.

      0

  40. Dennis 1 year ago

    I just updated to the Windows 10 anniversary update (cumulative 1607) and set UAC to default. Now my account works normally, and I can open Edge.

    Before that, I did have some adware somehow (fresh upgrade from 8 to 10), but removed them with AdwCleaner and Malwarebytes Anti-Malware. I assume the adware set my UAC to disabled, since it is not the default setting.

    0

    • Author

      I don't think that the Anniversary Update brought any changes with regard to this issue. You either didn't log on with the built-in administrator account or you still have admin approvable mode enabled for the built-in admin.

      0

  41. TZ 12 months ago

    We have found that we need to enable "User Account Control: Run all administrators in Admin Approval Mode" (EnableLUA in the registry) as well as "User Account Control: Use Admin Approval Mode for the built-in Administrator account" (FilterAdministratorToken in the registry) to use these applications in Windows 10.  We did this by running a script to modify both registries like Andre mentioned.  "EnableLUA" and "FilterAdministratorToken" should be set to 1 (Enabled).  They are in the same directory in the registry.  After a reboot, it should work for you.

    1+

  42. MStanier 12 months ago

    Adding the FilterAdministratorToken and changing the value to 1 allows me to open Edge as the built-in administrator on Win10 Home but it doesn't allow me Internet access. My Internet access is via a server on the ethernet port. When I switch back to User, I immediately get Internet. When I switch to Administrator I get 'No Internet connection'.

     

    Any ideas?

    It will have to be a registry entry/edit as you can't open group policies or security policies on Win10 Home.

     

    Thanks.

    1+

    • Author
      Michael Pietroforte 12 months ago

      Sounds odd. When you log on as Administrator can you ping external sites? Try this:

      ping 8.8.8.8

      If not, then it is not a a browser problem. If you receive replies, then it could be a proxy setting. Maybe there is a HTTP proxy configured for the user account, but not for the Administrator?

      0

      • MStanier 12 months ago

        Hi Michael. Yes, it was a proxy issue. All running smoothly now. Thank you so much for your article and your response to my comment.

        0

  43. Lucio Torstensson 11 months ago

    Hello, just a small question to this and thanks for the info by the way. I currently have UAC completely off (as displayed in the OP). And thus, I cannot use the calculator for example. Is there any way to be able to run all these Apps AND have UAC completely off (registry)? Perhaps tricking Windows it's still there or something. That or do you know any nice 3rd party calculator I can use in place of the default one? 😀 Windows 10 64-bit here btw.

    0

    • Author
      Michael Pietroforte 11 months ago

      As far as I know, UAC has to be enabled if you want to work with modern apps. There are many free desktop calculators. Just google it.

      0

      • Lucio Torstensson 11 months ago

        I see, thanks a lot for the quick reply!

        0

  44. Sunil 11 months ago

    I say: why bother?  use Chrome or Firefox.  it's the first thing I load with other utilities using Ninite.  I'm so sick of MS telling me what I can and can't do "for my own good".  Every new version of Windows brings some new level of idiocy that's unexplainable.  Ever try saving a page in Edge... can't be done.  Ever try opening banking or medical websites in Edge.. total fail.  and, no, I don't want to "give it a try" so don't make me answer another stupid question when I change my default browser!

    MS should stick with doing a solid OS and leave the rest to others.

    0

  45. paul 10 months ago

    It's almost like Microsoft doesn't want people to enjoy using Windows. Like when they replaced the 'Start' menu, with the 'Stop' menu in Windows 8 (as in 'we're going to change everything, and then hide a bunch stuff in a way that if you actually find it it's still all different, and then we'll give you no option to go back to what you're familiar with, so that you will Stop using Windows, because we hate having to deal with customers as they just don't know how to use our computers they bought for us to run our masterpiece of stupidity')

    Like here, wouldn't it have been much easier and simpler to associate a lower privileged 'normaluser' account to the admin account, and automatically do like 'runas /user:normaluser' when you launch things like Edge? We'd then never need the spaghetti of settings, as every setting is a security whole waiting to be exploited. uhg.

    1+

    • Author
      Michael Pietroforte 10 months ago

      Removing the Start menu was a good thing. The Start screen was just poorly designed. I love the "Start screen" on OS X (Launchpad). The fact that Microsoft brought back the Start menu in Windows 10 shows that Redmond is actually doing the opposite to what you are claiming. They "listen to customers" and give them whatever the customers believe makes them happy. And this is Microsoft's main problem. In the days where Microsoft was growing rapidly they didn't listen to anyone except to the instincts of their leaders.

      The problems with Edge and the Modern apps in general come from the same source. Ballmer was very much afraid of Steve Job's post PC blah blah. So he wanted to bring Windows on tablets as fast as possible. He forced his engineers to reinvent Windows in a very short time. The poorly designed Modern apps are the result. If Ballmer would have been a good leader and didn't always just listen to what customers want, Microsoft wouldn't have got into in this trouble in the first place.

      Apple could become a serious competitor because their leader didn't listen to customers and just told them what they really want. You could say that the Edge problem exists because Jobs succeeded with his deliberate scare-mongering post PC talk which forced Ballmer into making so many big mistakes.

      0

  46. Kevin 10 months ago

    "Running a web browser as an administrator is a no-no" This cannot be the reason. The first user you create wil be a local admin, and wil run a web browser. They where just to lazy to protect the browser interaction with Windows itself (where they should've protected the user instead), and put some nonesense quick and dirty fix in there instead. Users with local admin rights will not be protected by this at all

    0

    • Author
      Michael Pietroforte 10 months ago

      Yes, it is not the reason as I mentioned in the article. The reason is that Modern apps are designed like mobile apps. When you run an app on your Android phone you don't run it as root. The problem is that Windows machines also run in corporate environments and need to be managed by administrators. Mobile devices were not designed for this. When Microsoft tried to force the mobile paradigm onto desktop computers all these problems came up.

      The UAC problem is not the only problem. Modern apps are hard to manage for admins. Microsoft now tries to fix all these issues. It remains to be seen if these two very different systems really fit together.

      0

  47. Andre 8 months ago

    Wow, this article took off, since it I started it.

    I was following it, but stopped getting notifications, any ideas as to why, Michael?

     

    Regards

    Andre

    0

    • Author
      Michael Pietroforte 8 months ago

      You are still subscribed to notifications. Maybe the emails are in your spam folder?

      0

  48. Andre 8 months ago

    i received this one.

    strange, but it's working again.

    0

  49. Damian 6 months ago

    I wanted to add what worked for me on Windows 10 Pro. Enabling "Admin Approval Mode for Built-In..." did not let me use MS Edge, but enabling "run all administrators in Admin Approval Mode" did.

    Cheers,

    1+

  50. Lucas 5 months ago

    I'm running Win pro 10 in domain environment and all I did was change UAC bar up one level from never notify and now apps work fine as domain admin or built in admin. No regedit needed. FYI.

    0

    • Author
      Michael Pietroforte 5 months ago

      You mean your UAC setting is "Notify me only when apps try to make changes to my Computer..."? This doesn't work. I just tried it now on a Windows 10 Pro domain with the domain admin account. Perhaps someone else enabled admin approval mode for the built-in admin?

      0

  51. aravind anche 5 months ago

    Hello Micheal,

    I deployed windows 10 enterprise.

    my UAC are set to never notify

    user Account Control: Admin Approval Mode for the Built-in Administrator account is enabled

    I can not open EDGE.

    It gives error cannot open edge in built in admin account

    Thanks

    0

    • Author
      Michael Pietroforte 5 months ago

      What happens if you run regedit.exe with the built-in administrator? Do you get a UAC prompt or not?

      0

  52. Kyle 3 months ago

    It seems this policy has changed with 1703 Creators Update. UAC is disabled by our domain so with Windows 10 1607 no one could run Windows Store / UWP apps, but with version 1703 we can. Do you know of any documentation from Microsoft on this?

    0

  53. Anthony 3 months ago

    I had the same issue listed above with a company. Global policy change and the reg fix did not resolve it. Installed creators update and it has resolved the problem.

    0

  54. Kyle 3 months ago

    Thanks for sharing, Anthony. I'd like to get some traction on this post and see if we can get some official comment from Microsoft.

    0

  55. Larry 2 months ago

    All I know is I read all this, tried all this, and Microsoft Edge still does not open.  4 1/2 hours wasted.

     

    1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account