In Windows Vista we made numerous changes to our user account model. Standard users are now the default user type for new accounts created after initial setup. The Power Users group is effectively deprecated. In addition, we’ve made it much easier to run as a standard user and even administrators run with limited Windows privileges and user rights by default. But people often ask us, “What about the built-in administrator account? Isn’t it a security risk to have an administrator account with no password?” Yes, in some cases this administrator account could be used to circumvent other security mechanisms. For example, parental controls could not be effective if the child could simply login with the built-in administrator account and do whatever they want, including disabling the Parental Controls.
In Windows Vista RC1 we will have completed a series of changes to disable the built in administrator account under most circumstances. These changes apply to the default administrator account named Administrator, which is created during setup.
Be aware that disabling the built-in administrator account means that it is important that you do not forgot the user name and passwords for the other administrator accounts on that PC. If you do, you may end up a in a situation where you are unable to make further admin changes to your PC—or even event not be able to login at all. To make sure that happens we recommend the follow tips for home users:
Note: as we move closer to RTM we will be posting another related blog to address the built-in administrator management in the enterprise.
Darren Canavor, Program Manager, Windows Security Core