21
12
So I have a Windows 7 home machine with 2 user accounts. One is a standard user account and one is an administrator account. Now this is going to be put in the hands of a very low-tech user so I don't want them to be able to see the administrator account on logon, but they want to have a password to prevent someone else from using the machine.
My goal is that when the user turns on the computer, they are presented with their login. After logging in to their non-administrator account, if something needs to be installed then the administrator account can be used through UAC.
I have tried creating the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
and adding a dword of the account name and set it to 0. It succeeded in hiding the account from th login screen. As well as hiding it from UAC. So it fails the second requirement, of being able to run things as administrator through UAC.
Also since I didn't set an administrator password (left it blank) it seems that I have completely locked myself out of the machine since runas doesn't accept blank passwords. So I also cannot undo it, and have quite effectively bricked the install, prompting an OS reinstall.
This is Windows 7 Home, so there is no Users management console.
That actually is almost exactly what I was looking for but is there a way to to clean up the admin prompt besides editing regedit? I'm hoping something to toggle in Local Security Policies. – wag2639 – 2010-10-25T07:46:24.917
1Yes, it is an option in
gpedit.msc
, however, that isn't available on Windows 7 Home Premium, so I left it out since people without Win7 Pro or later would be confused and unable to follow the instructions. If you want to do it in the group policy editor though, you can go toComputer Configuration > Administrative Templates > Windows Components > Credential User Interface
and change the setting for "Enumerate administrator accounts on elevation" to "disabled". – nhinkle – 2010-10-25T07:59:25.883Thanks, I was searching the Interwebs for it and found it on another SU question for the opposite. I wanted to do this cause I like doing SOHO Windows admin and only deal with professional or better. – wag2639 – 2010-10-25T08:07:29.650
If you got locked out by the
Winlogon\SpecialAccounts\UserList
simply use this: opencmd
, typerunas /user:admin cmd
, in the new console type: regedit and than you can edit the registry. You dont need system restore at all. – Gergely Fehérvári – 2012-10-11T22:28:40.290