On XP & Vista, Windows used to make you create an Admin account at the start. What it didn't tell was that one actually already exists (with the name 'Administrator') but you can only see it if you boot into safe mode.This annoyed my for two reasons:1) By default everyone's computer is insecure. I can probably log onto anyones laptop at my Uni, because most won't know about the Admin account in safe mode and so won't have set the password2) Windows would not accept the built-in admin account as an admin account when it requires you have at least one admin account installed - windows actually forces you have two admin accounts (again pretty stupid)Can the safe mode administrator be deleted in Windows 7? Or used as the admin account in normal mode as well.It's common sense to make people have one admin account, but it seems like idiocy forcing people to have 2 (and not telling people about the other one)In fact I'd go on further and say this has been a terrible mistake previously by MS. You must inform the user of the built-in admin account and make them set a password.

Since Vista the built-in administrator account is disabled by default. No one can use it unless it's purposefully enabled. It's considered the most insecure because it runs in XP admin mode (no UAC).

Hi, Regarding the built-in administrator account in Windows Vista, I would like to share the following information with you. 1. The built-in administrator account is disabled by default in Windows Vista on new installations. 2. On non-domain joined computers, when there is at least one enabled local administrator account, safe mode will not allow logon with the disabled built-in administrator account. Instead, any local administrator account can be used to logon. If the last local administrator account is inadvertently demoted, disabled or deleted, safe mode will allow the disabled built-in administrator account to logon for disaster recovery. 3. On domain joined computers, the disabled built-in administrator account cannot logon in safe mode. By default a user account that is a member of the Domain Admins group can log on to the computer to create a local administrator if none exists. If the domain administrative account had never logged on before, then the computer must be started in Safe Mode with Networking since the credentials will not have been cached. Once the machine is disjoined, it will revert back to the non-domain joined behavior depicted previously. Regarding the built-in administrator account in Windows 7, you can try to take the following steps to enable it. 1. Open a command prompt in administrator mode by right-clicking and choosing "Run as administrator". 2. Run following command: net user administrator /active:yes You should see a message that the command completed successfully. Log out, and you'll now see the Administrator account as a choice. Hope it helps.

What do you do if the computer account has been removed from the domain and the local administrator account is disabled and you have not logged on with a domain admin account before?Alan Burchill (MVP) http://www.grouppolicy.biz

So i answered my own question... and then i blogged about it... http://www.grouppolicy.biz/2010/10/how-to-enable-a-disabled-local-administrator-account-offline-in-windows-7-even-when-using-bitlocker/ If you have you local admin account disabled it is possible to re-enable it using Windows PE...Alan Burchill (MVP) http://www.grouppolicy.biz Follow me on twitter @alanburchill