windows 7 - Cannot run as administrator

07
2014-07
  • yougotiger

    I have a small problem. I have several kiosk stations that I created, and I cannot run anything as an administrator because the password is expired. We created an administrative user account specifically for our department to use and I neglected to check the 'password never expires' option for the account, so the password has expired. The built in administrator account is disabled. Thus I can't do any installs or run anything to get the machine OUT of kiosk mode (the machine automatically logs in as a limited user). Here's what I've tried, each has failed:

    • Lock system and switch user (on the kiosks locking the workstation is disabled. Also, the ForceAutoLogon setting is set to 1 in the registry so clicking switch user logs back in automatically, and I can't change ForceAutoLogon to 0 since I can't run regedit elevated).
    • Boot from install CD and choose repair. Tried to use the repair command prompt to activate Administrator account or to change password for the other administrator account (net user commands...). This fails, it seems to only affect accounts for the version of Windows in memory not the one on the hard drive, the other administrator account isn't recognized.
    • Safe Mode. Autologon happens with safe mode as well so I still don't have the opportunity to change the password, and since it autologs in as a limited user, I still can't run elevated applications.
    • I can't login to the system with the administrator account to have it prompt to change password as the computer is set to automatically login as a limited user and I can't turn off these settings without running regedit as an administrator.

    The operating system is Windows 7 64 bit.

    Any suggestions no how to get around this issue?

    • Answers
  • yougotiger

    Here's what I found solved the issue. I downloaded the 'Ultimate Boot CD' (http://www.ultimatebootcd.com/) which allowed me to boot to their Linux cd, and then used the included PCRegedit utility to change the registry so that the computer logged in as the administrator user with the expired password. When it automatically logs in, since the password is expired, you are required to change it. Now I'm logged in as an administrator and can run computer management utility and set the admin user's password to never expire. I then boot from the ultimate CD again, and then change the registry to have the limited user login automatically once again. Kind of a lot of waiting as things boot round and round again, and it has to run chkdsk every time you use the PCRegedit tool, but it works.


    • Related Question

    windows 7 - Run as administrator needed for IE8 workaround but user is in Administrators group
  • John Mo

    I'm running IE8 on Windows 7 and logging in under a company domain account (not the machine domain). The domain account is assigned to the machine's administrators group. As a workaround for the issue noted in IE 8 Issues, I discovered that if I started IE8 using "Run as administrator," that the IE8 issue noted go away.

    Question: With the login account assigned to the Administrators group, why can't I just start IE8 and already be running "as administrator." Is there something I've overlooked in setting up my domain account in Windows 7 that would eliminate the need to use "Run as administrator?"

    On a side note, using "Run as administrator" has also worked around a problem I was having with SQL Server Management Studio 2005.


    • Related Answers
  • JP Alioto

    In Windows 7 (and Vista) you do not run as administrator by default. You have the ability to elevate your privileges as necessary to perform tasks (Run As Administrator). There is extensive information about User Account Control at Understanding and Configuring User Account Control in Windows Vista. It's a bit different in 7, but the concept is the same.

  • izb

    I think you can right-click the IE shortcut and choose properties. On the properties there should be a checkbox that lets you 'Run as administrator'. In this way you don't keep having to explicitly launch it in this way.

  • Chris W. Rea

    Even though the account may be an Administrator, if UAC (User Account Control) is active (and it is by default in both Vista and Windows 7), then the process will not be granted administrator privileges unless you choose to run the process with such privileges via "Run as administrator", as well as confirm the UAC dialog that appears.

    If you don't want the hassle of the dialog to confirm administrator privileges, then you could disable UAC and set the shortcut to always start the program as an administrator. However, there are good security reasons to keep UAC enabled.

  • EvilChookie

    Firstly, it sounds as if UAC is enabled. For any machine connected to a domain, I would disable UAC - it offers you no real protection in a domain environment. (especially since you probably have a group policy that would overlap in many areas, and users are running as administrator anyways, which defeats the purpose of it wholly and solely.

    If you have added the Domain Account to the Local Administrator's Group, then there's no reason that you should not be running at Administrator Level.

    I personally find it easier to add a Domain Group to the Local Administrator's Group - for Example, I can add "DOMAIN\Domain Users" to Local Administrators, and that will give all my users logon rights (this is useful when you're having people swap computers).

    In short:

    • Disable UAC
    • Possibly add a group instead of a single user?

    You can also hard code the shortcuts using /runas:DOMAIN\Username password (or similar) to get around this issue - but I understand that's probably a pain in the neck.