The Secret Windows "Super Admin" Account

NOTE: Turns out lusrmgr.msc might only show up if you're running Windows Pro or higher, not home. You can still enable the account via the command prompt method later in the video.

Plot Twist: ThioJoe is the Super Admin

its fine to always use administrator acc if you're like, sentient and know how to not download malware

I don't know how, but whenever am stuck with something on my PC, Thio uploads the exact same video as the solution the next day😂

As you mentioned, the SYSTEM account has the highest privileges within Windows. Anything that runs under this account is basically treated as part of the OS itself. A fun fact though is that if you use the task scheduler, you can actually make anything run using the SYSTEM account by ticking 'run with highest privileges'. This bypasses UAC even if it's enabled so it can be useful if you want to give a program admin permissions on login for example (of course only if you 100% trust it and know what you're doing)

I remember watching him so long ago that he used to be like do this if you want your Xbox to turn into a ps4 and the fact some people fell for it made me laugh

Curious when you'll talk about the OOBE of win 10 and its "secret" keyboard shortcuts. (Ctrl-shift-F3 for pre-oobe admin environment, shift-F10 for console, windows 5 times for Autopilot deployments, ...) I use them daily to set up Laptops at work, but it was amazing to learn about them initially as they are so incredibly rarely used by anyone aside Enterprise IT Admins.

Older Windows versions in the NT family also had other ways to get in and / or escalate privileges, including methods that involved renaming the logon screensaver or even scheduling a task to run an elevated Task Manager (before Win7 made it easier to do so.) Fortunately it was rare that such methods were needed, but handy in emergencies.

Maybe the reason your default admin was not enabled in safe mode is because you had a regular admin account enabled. The default admin is only enabled in safe mode if: 1. There is no other admin or privileged account you can log on (all regular admin users being disabled,...), and 2. The computer is NOT part of a domain.

I remember accessing this account on old school computers to install the software I wanted. I accessed it by booting in safemode and there was no password. Back then (around 2005-2010) it always seemed like it was enabled and without a password as default... at least on pre-built machines

Best practice is to create a new account to be the administrator, so it has a different SID than the built-in Administrator account, and put a strong password on it. Then use a regular User account for your day-to-day use. Then when the UAC comes up it will ask for the password for the admin account rather than just asking "hey ya wanna?".

I use the Administrator when I need to copy the files off an old drive user folder as you can copy the files without waiting for it to change the permissions which can take ages. Open an administrator command line and type "net user administrator /active:yes" to disable it again with "net user administrator /active:no"

5:05 There is a Microsoft-provided tool that can open an interactive Powershell or a command prompt (etc.) as SYSTEM… but for 99.99% of admin tasks it's like using a snowplow to scramble eggs.

Your content is always amazing. Thank-you.

Thio still seems young so this use case might have escaped him. When you've migrated files from computer to computer... one day you might be looking for a file you created back in the 90's and have no access. The user accounts and from years ago might not be what you use today. Thus, that "Secret" Admin account (which wasn't a secret to me) turned out to be very useful in manually setting permissions of old files so that users of the current computer could access them. The regular admin account hadn't such power.

On Windows 7 there was actually a way to use the "SYSTEM" account (most equivalent to Root on Linux actually) with the Windows Explorer and everything. What you had to do was replace the executable for the Windows Accessibility Stuff with "cmd.exe". Then on the login screen when you clicked on the accessibility button a Command prompt would open. From there you'd have to kill the login screen process (probably the trickiest part) and then run explorer.exe from said command prompt. You're now using the System user with UI and all Technically it's still possible on Windows 8 and newer, but the explorer will not run if you're not logged into a regular user account (or the here discussed Admin account)

Oh I have gained access to it by accident. I formated my PC and for some reason it redirected me to the Administrator account instead of my normal user account.

Yeah about this. Once I forgot the password to my user account and I has no other accounts setup as a backup. So I enabled this admin account from the recovery (by selecting cmd) . I changed the password for my user account and then created another account to be used as a backup

I like your background colors so much! And the video quality got so much better

Appreciate the knowledge shared on this topic ThioJoe! Quite useful 👍