Administrator in Vista
Tuesday, January 1st, 2008
So I’m working to setup my new “dev box at home” with Vista and finally noticed that there was no administrator account. That was not something I had heard about, but have since found quite a few articles referring to the change. It was interesting to see what the reasoning was behind the change, as well as the attempts of some to re-enable it for all the wrong reasons (like to get rid of UAC).
Based on this post at the Vista security blog, it appears that they’ve thought through the decision and all the interesting test cases fairly well. The one point I’m hitting is that I also have a Windows Home Server. On my other machines (XP, Media Center) I have the normal family accounts plus an Administrator account, each of which has some permissions on the WHS machine. This makes it easy on any machine to do administrative work on both the machine and the server. I found out about this whole no administrator thing when I tried to login (doh, where is it) and then create (can’t create an account named administrator) that account. Turns out it exists but is disabled.
Although it is fairly easy to enable the Administrator account, I’m not really sure if I should. It doesn’t have UAC enabled by default, but I can enable that. However, the fact that it’s different from other admin accounts makes me wonder if there are other differences that I should be aware of. I’ve been using Vista off and on at work for the last year and a half, and I haven’t noticed the need for the original “administrator” account until now. The alternative to enabling it would be to create a new admin account on all the other machines.
I think I’ll actually go that route. I like to have control of things, and being forced to create an account like this when I get a new machine is a good reminder of the bigger world of security issues that I need to be aware of. I should also note that despite the new UAC features in Vista, I’ll still be maintaining separate admin and user accounts. Though my wife sometimes gets annoyed when not running as admin I remind her that it’s kept our computers very safe over the last few years.