If you log on with the built-in administrator account or a domain administrator account on a Windows 10 computer, you won’t be able to run Microsoft Edge. In this post, I will explain why this is the case and how you can open Edge and all Windows (modern) apps with the administrator account.
Avatar
Latest posts by Michael Pietroforte (see all)

Once upon a time, an administrator was the unchallenged ruler on a Windows computer. An administrator account had no restrictions whatsoever. These times are over. Nowadays, an administrator is not even allowed to do what every standard user can do—that is, open common apps such as Microsoft Edge. This is how far the security paranoia of recent years has brought us. Okay, as usual, I am exaggerating. But error messages like the one below don’t really make sense to me.

If you try to run Edge with a domain administrator account, you will be greeted by Microsoft’s new browser in a Spartan way:

Microsoft Edge - This app can’t be opened

Error message: This app can’t open. Microsoft Edge can’t be opened using the Built-in Administrator account. Sign in with a different account and try again.

This error message is actually not telling the truth. Microsoft Edge can be opened using the built-in administrator account, and there is no need to sign in with a different account and “try again.” If you are willing to jump through a few hoops, Edge runs fine with the built-in administrator account.

Some how-to bloggers who covered this topic tell you this Windows feature is actually a good thing. Running a web browser as an administrator is a no-no. The unbearable Internet Explorer Enhanced Security on Windows Server comes to mind.

However, this is not what this “feature” is all about. If you feel like it, you can run Internet Explorer (which most likely is less secure than Edge) with the built-in administrator account on a Windows 10 machine without being troubled. No, this odd behavior is just a consequence of the poorly designed User Account Control (UAC).

The problem already existed on Windows 8. By default, the built-in administrator cannot execute modern apps. The reason that many admins are now stumbling across this error message is because Edge is the first modern app that will actually be used by a wide range of users simply because it is the default web browser on Windows 10.

Actually, if you completely disable UAC, no one will be able to run these colorful toy applications. Note that you can’t completely disable UAC through the Control Panel. With the setting Never notify, UAC is still active.

To turn off all UAC settings, you have to disable the security policy User Account Control: Run all administrators in Admin Approval Mode (Computer Configuration > Policies > Windows Settings > Security > Security Options).

Completely disabling UAC

Completely disabling UAC

If you are looking for a bulletproof method that ensures that no user can run modern apps, this is one way to do it.

Message indicating that app can’t open while User Account Control is turned off

Message indicating that app can’t open while User Account Control is turned off

If you completely disable UAC, a user in the administrators group will run all applications with an administrator access token (elevated). You can verify that by opening Notepad the common way (no need to run it as an administrator) and save a file in C:\Windows. With the default settings, administrators can’t do that because common applications will be executed with a standard user access token.

We are now getting closer to the real problem. The built-in administrator account essentially runs with all UAC settings disabled. That is, all applications are executed with full admin privileges without the UAC prompt, and this would also apply to all modern apps.

In a world without security paranoia, we would trust our administrator to be careful enough not to run insecure Windows apps from the Store that install the latest computer worm on the Windows computer through a security hole that a Microsoft engineer left behind. However, because many admins don’t really know what they are doing, a popup prompt has to save the careless geek.

Thus, if you enable the policy User Account Control: Admin Approval Mode for the Built-in Administrator account (Computer Configuration > Policies > Windows Settings > Security > Security Options), the built-in administrator account can run Edge and all other Windows apps because the UAC popup now ensures that everything is perfectly secure. (Make sure you reboot the computer after you change the UAC settings.) The consequence is that, from now on, Windows will present a UAC prompt whenever you run applications that require elevation (regedit.exe, for instance).

Enabling Admin Approval Mode for the built-in administrator account

Enabling Admin Approval Mode for the built-in administrator account

However, many admins like to log on with the domain administrator account, just so UAC prompts won’t get on their nerves. The good news is that you can turn off these UAC prompts even if Admin Approval Mode is enabled, if you now set UAC in the Control Panel to Never notify.

Setting UAC to never notify

Setting UAC to never notify

However, the difference in the default configuration is that not all applications will be executed with administrator rights automatically. For instance, if you want to edit a file in the Windows folder, you now have to launch Notepad as an administrator (right-click).

avataravatar
94 Comments
  1. Avatar
    Andre 8 years ago

    Hi Michael

    As group policy is not available in Windows 10 Home.
    I did some registry changes instead.

    1) Different solution without disabling UAC:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1

    Also this method, from the following website
    http://www.askvg.com/tip-disable-microsoft-account-sign-in-requirement-in-windows-8-1-store-apps/

    Use Method 2.

    It’s about Windows 8, but I can confirm, that apps open up in the admin profile.

    Regards

    • Avatar
      Ankush 8 years ago

      Hey Andre!

      Your method worked for me in Windows 10. I couldn’t run any damn app on the Home license. Followed your steps. I had to create the DWORD (32-bit) value for ‘FilterAdministratorToken’ and put the value 1. Restarted and it worked! Thanks so much, brother.

      • Avatar
        Max 7 years ago

        Ankush — your extra details make Andre’s regedit work. — Thanks

        avatar
      • Avatar
        Andrew 6 years ago

        Thanks to both Michael and Andre. Great info. I sort of get why they might want to restrict edge but doing so to ALL metro apps on the Administrator account is overkill, and it’s not just the “built in” account as the message states, it does this when I’m logged in using my domain Administrator account. The final straw was when I could not even look at Windows defender when logged in as Admin, the info in this article and it’s comments helped me fix that.

        • Avatar Author

          It is not only overkill, it also shows that the entire concept has not been thought through. If those modern apps are supposed to replace desktop applications in the long run, how will ever be able to run management apps? Or is Microsoft seriously considering to continue with this hodgepodge of apps?

    • Avatar
      Jace Sheppard 8 years ago

      Thanks.  That worked for me, also.

    • Avatar
      Kat 7 years ago

      Thaaaaaank you! So many people claimed to have a solution but never explained it in detail so my problem was never solved. Your explanation was comprehensive so, again thanx!

    • Avatar
      user 7 years ago

      Best Answer

  2. Avatar

    Andre, thanks! You right, you can’t use Group Policy editor on Windows 10 Home. But I think the article you linked is about another topic. It is about using Windows apps without Microsoft account.

  3. Avatar
    Andre 8 years ago

    Michael, Yes, but these tweaks, allow me to run Edge, in the built in admin account.
    I’d post a screenshot, but no can do.

  4. Avatar
    John W 8 years ago

    Hi Andre, what should I do if these tweaks still don’t work for me? I still get the same #$%@! error message about not being able to run MS Edge using Built-In Administrator account. Running latest version of Win 10 Pro, Build 10586.14. I noticed that lowering the access level to “User” does allow an account to run MS Edge. But Administrator or Power User doesn’t. Thanks.

  5. Avatar
    John W 8 years ago

    Hi Andre, please ignore/delete my earlier message. For some unknown reason, after multiple reboots MS Edge is now running for user accounts set to Administrator.

  6. Avatar
    John W 8 years ago

    Sorry, spoke too soon, still having the same trouble with MS Edge (after rebooting) as explained in my first message.

  7. Avatar
    Marek 8 years ago

    If your system doesn’t have the “Group Policy Management Console” aka gpmc.msc (my Win10 Pro doesn’t), you can use “Local Security Policy” aka secpol.msc and navigate to Security Settings – Local Policies – Security Options.

    However what saddens me that there seems to be no way to run all apps as admin by default, including Metro apps (Edge, Settings) and without a prompt.

    • Avatar
      Mark 7 years ago

      The msc for the Local Group Policy Editor, which is available in Win 10 Pro, is gpedit.msc

  8. Avatar
    joe 8 years ago

    I need to leave uac disabled in order to run one of my software programs. How do i go about opening edge and other apps, Do I have to make another user account?

    Joe

  9. Avatar Author

    joe, did you try to run this application in compatibility mode with UAC turned on?

  10. Avatar
    Joe 8 years ago

    yes, Does not work.

    thanks

  11. Avatar
    Arun 8 years ago

    Same as Joe. It doesn’t work even for me. Caught in a loop. If I disable UAC, my application works but builtin apps fail. If I enable UAC, builtin apps work but my application doesn’t. 🙁

  12. Avatar Author

    @Joe, Arun

    I guess the application requires administrator rights? One thing you should seriously consider is to replace this application with a new one that supports UAC.

  13. Avatar
    Bob R 8 years ago

    I couldn’t get anything to work.. fingerprint scanner… apps, Edge… then realized that I was logged in with my mobile Microsoft account!!! I logged out of that.. and into my Home account.. BAM!!!!  EVERYTHING works!!!!.. apps, fingerprint scanner, Edge… so before you go and try all these registry edits and policy changes… make sure you are logged in to your computer with your HOME account…

     

  14. Avatar
    LE 8 years ago

    Okay, I read everything….made sense.  Tried to go to the Editor, but I can’t as an administrator.  Tried to create another account, but I can’t do that either.  So, now a relatively easy and logical fix becomes another frustration.  Any ideas?

    • Avatar Author

      If you can’t create a new user account, you are probably not logged on with an administrator account.

      • Avatar
        LE 8 years ago

        I only have an administrator account on this laptop.  When I try to create a new user account, I also get the message that I cannot open this app as an administrator and to create a new user account.  Locked in the loop.

        • Avatar Author

          You have to use the desktop app to create a new user account. Right-click Start and then run Computer Management.

  15. Avatar
    LE 8 years ago

    Under Comp Management, there is nothing like ‘Local Users and Groups’ as an option to create a new user.  Am I missing something simple here?  I have searched for all the files and so far no success.  I do appreciate your patience.

  16. Avatar
    LE 8 years ago

    This is quote from another user with my problem: “Just converted from 8.1 to 10 and cannot enable guest or other users. Tried all suggestions I found from searching internet and none work. Seem like I need to get at local users and groups in computer management but they don’t show up as a menu item. Some info I’ve seen says I need to run gpedit.msc, but that is not in Win 10 home version…. Got to be a way to get them back. Control panel/users only shows my account.”  

  17. Avatar
    LE 8 years ago

    There is absolutely nothing with the word User or anything close to right click on….it simply does not exist.  There is no category for either User or Groups….nothing.

  18. Avatar
    LE 8 years ago

    Menu for Comp Management:  System Tools >Task Scheduler, Event Viewer, Shared Folders, Performance, Device Manager.  Storage >Disk Management. Services and Applications >Services, WMI Control, Message Queuing.

    • Avatar Author

      Yes, the Home edition doesn’t have the user management feature in the Computer Management app. In that case you have to add a new user on the command prompt: Right-click Start and select Command Prompt (Admin). Then you can add a new user with this command:

      net user username password /add

      To add this user to the Administrators group, you need this command:

      net localgroup administrators username /add

  19. Avatar
    LE 8 years ago

    Thank you.  It seems the Home Edition is not very user friendly compared to the Pro version, which  is ‘buggy’ in it’s own right.  I hope MS decides to construct a fix for these problems.  I now have a local user account, but it feels like a ‘bandaid’ and not a true ‘fix.’

  20. Avatar
    Serhat 8 years ago

    Thank you andre

    I was looking for a solution without disabling UAC.

    Your solution HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1″  solved my problem. Thank you I’ll write it down to use in every machine.

  21. Avatar
    Ryan 8 years ago

    Hey Folks, So here is my situation:

    Computer is on domain
    I have a test user account (not set admin anywhere), lets call it Test
    I have a Local Admin on the domain account, Lets call it Ladmin
    I have Windows 10 installed on this machine
    I have User Account Control: Admin Approval Mode for the Built-in Administrator account Set to Enabled

    With Ladmin, I cannot run Edge. I cannot run Calc.exe.

    With Test, I can run Edge, I can run Calc.exe.

    If I set Test to admin using Users and Groups on the local machine, it can no longer run edge nor calc.exe.

    Help?

    • Avatar
      Ryan 8 years ago

      Also a Note: I did the regedit change mentioned above

       

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System FilterAdministratorToken 0 Default 1 enabled Change to 1

      • Avatar
        Ryan 8 years ago

        Ok, for some reason (separate issue i guess) UAC keeps turning off automatically. I thought I had resolved that already.

         

        One I turned UAC back on, it now works.

  22. Avatar
    Andrew Budzinski 8 years ago

    First, thanks so much for the explanation and fix! Before these changes, I couldn’t open edge, the OneNote Windows app or anything, now everything opens fine.

    But… I was just wondering what would  happen if I disabled “User Account Control: Admin approval Mode…” So I disabled it and restarted. Guess what, everything still opens and works fine. While i’m okay with this, I am wondering why it’s possible?

    Something I did notice, when I went to enable UAC:Admin…  the first time, it WASN’T disabled by default. In fact, neither of the circles were selected. Now that I have selected one of the options, there’s no way to go back an select neither. Just wondering if anyone else has encountered this behavior.

  23. Avatar
    Rob 8 years ago

    Woot. between the main article and the first few comments, I was able to get this issue resolved.

    Thanks folks!

  24. Avatar
    MikeG 8 years ago

    I hate to be a party-pooper but if someone could round up all the trials that did not works and the ones that did and distill it down to a single sure fire method to fix Windows 10 Pro I would appreciate it.  I got lost after the 3rd or 4th effort to do something that also did not work?

    UAC is on never notify but that is the only thing I went through after reading to the 8th post I figured better wait for the final judgement call.  🙂

  25. Avatar
    nurul 8 years ago

    thanks. my problem was solved.

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account