I made the account TOM when Win7 first boot up. But is it possible to give it the real ADMIN rights?

The only way to do it would be to unlock the Admin Account. Just creating a User will give it the same rights as the account created at install.~Alex T.~Windows Desktop Experience MVP~

but if I unlock the ADMIN account thru GPEDIT will that mean that the current user which belongs to ADMIN group will also have the real ADMIN permission?

The answer to your question is, honestly, I dont think so. I think every version of Windows from Vista onwards (XP had protected system files too, however these where not as harsh or bothersome) has no way to truly take Admin rights over the PC. The above method may appear to allow you to do so but I believe that some part of the OS 'will be watching you'.

Turning off the User Accounts Control will not give you the full admin rights of the default admin account. It would, however, make it impossible for your current admin to do anything powerful. If you want full admin rights without the UAC, the only way is the default account. It's a Big mistake to use that. Use the UAC. Rating posts helps other users Mark L. Ferguson MS-MVP

The "real" administrator account as you refer to is called the built in Administrator account or the "500" account. No other user even with administrator rights has the same rights as the built in administrator account or the "RID 500" account.Please, if you want to be an administrator, run XP. Don't do it in Vista nor in Windows 7. There's a reason that we need to stop running with the true administrator rights. It blocks malware, bad guys and all around stupid things we do.Bottom line, if you truly want to be "God" on your system, run XP. It's time we ran our systems with a appropriate and responsible user rights.

but I would still like an option to be able to change whatever I want if I want it too.

Well, actually you can change virtually "anything" if you have access to an account that is member of the Administrator group. It has been best practice to do everyday work with an ordinary user account (or, more explicitly: Without Admin rights) since the early days of Windows NT. That means: It has been in XP as well.In Windows 2000 and XP you had the option to run programs selectively as an administrator without having to logoff and logon with a different account. The tool to use was "runas".Now, UAC makes it a little easier to use this "runas" feature. You just log on as an ordinary user. If you want to do something that requires Admin rights, Windows will recognize that in most cases and prompt you to specify an Admin account for the action. Should Windows not recognize what you're trying to do - just launch your tool explicitly as an Admin using a right-click. That will help in almost all cases.If you come across a situation where even this is not helpful you're very likely about to start something that will cause trouble. In my view, there is (almost) no need for a "God" mode that you knew in XP and before.Nils Kaczenski MVP Directory Services Hannover, Germany

Hi, I had a problem where I needed the full admin account. I did some research and found that Vista had a same problem and the solution carries over to W7 as well.Go to start menu, search for "cmd" right click on the dos box and run as administratortypenetuseradministrator/active:yesand restartto disabledo the same starting step but this tinenetuseradministrator/active:noEdit: Sorry didn't read your question wrong. But if you want full admin rights, then this seems to be the only way.

What are you not able to change that you can't do now? What specific tasks are you not able to do?

Mark L. Ferguson said:It's a Big mistake to use that. Use the UAC. Can I ask why? I have had UAC disabled on W7 since I installed the Beta and on Vista Ultimate since it's original release and have never had any issues.

Will01 said: Mark L. Ferguson said:It's a Big mistake to use that. Use the UAC. Can I ask why? I have had UAC disabled on W7 since I installed the Beta and on Vista Ultimate since it's original release and have never had any issues. Well, certainly you won't have any "issues" in respect to usability or whatever. The point is that you're running your Windows 7 or Vista on an undesirable security status. UAC is designed to protect the system from a number of attacks and from unintended changes. Some of those can certainly be avoided by a precautious user. But some attacks are more sophisticated and can effectively be blocked by UAC.Basically, UAC is meant to make it easier for users to do their daily work as non-admins. (You could as well say: To force users to work as non-admins.) Before UAC most home users and a big part of business users would do everything as admins. This is what made Windows computers so vulnerable. Working as a non-admin greatly reduces a huge part of security risks. From my point of view, UAC is a good approach to raise the overall security level and if you use it as intended you can work very comfortably. And: Yes, UAC is not "the" security tool, it is just one element in individual security strategies.Use your favorite search engine to find loads of articles on the intent and advantages of UAC. (You will, of course, as well find many negative comments. This has been one of the most discussed topics since Vista hit the world.)Nils Kaczenski MVP Directory Services Hannover, Germany

Perhaps I should of been clearer. But by 'issues' I meant virii, spyware, keyloggers etc...which I have never had. I have a good firewall and good Anti-Malware programs and such. I can certainly see the point of UAC for Computer illiterite folks or for those who perhaps run some form of webserver. But the average user does not get 'targetted' on a daily basis. I just feel UAC is very intrusive. For example, I use cFos traffic shaping on all of my boxes. With UACactive it will prompt me 3 times while I install this. Yet with UAC off it prompts me once for the driver install which is where the real security risk lies imo. So if the computer is still prompting you technically UAC is never really off. Which I dont mind, having to confirm a driver is being installed is something I am happy to know about. However, the fact that I have clicked an exe file is not something I really need to know. I mean, I clicked the thing, I wouldn't click it without knowing what it was for. I understand the lay user may activate an exe without knowing what it does, however, the same lay user will more than likely tell UAC to 'allow' this as well. Or have I mis-understood it, what other protection is UAC providing?

I guess we could infinitely continue this discussion.I regard myself as very knowledgeable concerning Windows. Despite this, I have been working as a non-admin user for years now (I started this in Windows 2000), and now in Vista and 7,I still work as a non-admin. UAC makes work pretty much easier than it was with runas.Even if I do work with an admin account I leave UAC on. No, I never had a case where something was happening that I had not started and that only UAC had informed me about. And yet I feel better that there's some extra surveillance now. Different from you (and most UAC critics) I really do not see why doing one extra click on the installation of something or on some config change could be any kind of annoyance. Just click it (in AA mode) or specify the correct credentials (in OTS mode) and you're done. After the initial setup phase of a system UAC really does not ask you that often. And in Windows 7 it even asks less frequently (although I'm not quite sure if I like this change).This is my opinion. Yours is different. That's okay.Nils Kaczenski MVP Directory Services Hannover, Germany

Nils, I have come to find out that there will be people who will insist on doing things a certain way for whatever reasons they have. Of course, when the PC gets blasted or becomes a zombie, these same people then want to blame the OS for all of their troubles. Being an experienced systems engineer, I find that most OS issues are really related to user missteps. That goes for Windows, OSX, or *nix. Of course there are things that are OS related, but when people purposefully set out to disable security features, there is nothing that anyone can do.

gpedit.mscComputer Configuration/Windows Settings/Security Settings/Local Policies/Security OptionsUAC: Run all admins in Approval Mode -> DisabledReboot???Profit

To all of those who think that running with the highest privileges all the time is safe I'll ask this. Are Linux and OS/X (Unix) considered more secure than Windows? Why do you think that is? Hint: it has something to do with user privileges and file permissions among other things. Kerry Brown MS-MVP - Windows Desktop Experience

Mr. Kerry_Brown, I respect your point of viewand actually completely agree with you. I think that the security model introduced in Vista and refined in W7 is an absolute Godsent. Most of us, as many here noted, have neitherperceived nor actual need to run their session in full admin mode. I do applaud Microsoft for finally figuring out and implementing someting that Windows' users can actually use effectively. The hurdles one had to jump thru in previous incarnations (XP/2k) were not just impeding work, they were often making it impossible. Thus pretty much everyone was running an administrative account. With Vista and now 7, things are different. At most you're prompted to approve certain restricted action or maybe enter the password. Big deal.You're neither prohibitednor reported to authorities, mearly a node of approval. It's not a limitation, it'staking control of your system and asmall price to pay.To say that this OS is safer in the order of magnitude is an understatement. For years I ran a firewall which would prompt me to approve certain connections and it wasn't just on occasion, once every blue moon, but that is the way I liked it - I wanted to be in control of my LAN communication. But you see, it was in fact my choice to set things up/leve them bethis way. I saw value in that protection and so decided to use it. As such, and because of the things I either do with, or to my computers I may at the very least see UAC as redundant and unnecessary and since it is so, any price to pay may be too much. Now, it is irrelevant what it is thatI do with my computers that an approval prompt would madden or impede me, it is irrelevant whether that procedure actually does affect me at all. What is relevant is whether I want it. Let's just say that I'd liken it to selling you a car in Florida with mandatoryrust protection option. Some might even see value in that, some most definitely won't and no amount persuasion will convince them otherwise. Some, like me, have no need foractive virus scanners, mallware scanners, parental controls,file system restrictions etc. We implement security via other means and tools and the way we go about doing things. Either that, or we simply do not care.I'm not insisting others do as I do, they may not like it at all actually, therefore please educate but do to not insist I do as you do. We're different users, with different modus operandi.I wouldn't say that running without UAC is safe, but then I wouldn't say that it isn't.It really depends on what it is you do.What I would say (in my own case) is that to me it is irrelevant. I understand and have assumed certain risks and am prepared to consider possible consequences. But why? Well, that is for me to decide. It is the same reason why one walks the street without a stylish, protective bubble or we're (still) allowed to drive our own cars. Not everything is about safety or thinking of the children. There's a reason why race cars do not have airbags, and many (ordinary)people would fail to understand why. All that my drivel is about, is that in the end we as people and users should be allowed a choice in matters affecting their interaction with the computer.And thankfully, the choice is still present in 7. For that I at least, am grateful. YMMV.

Kerry_Brown said: To all of those who think that running with the highest privileges all the time is safe I'll ask this. Are Linux and OS/X (Unix) considered more secure than Windows? Why do you think that is? Hint: it has something to do with user privileges and file permissions among other things. Kerry Brown MS-MVP - Windows Desktop Experience Dont get me wrong Kerry. I agree with the principal of UAC. I disagree with it's implementation. For Ex. I have used many Linux Distro's, at the beginning of a fresh install I like to install all the applications I will use so as the PC is 'ready to go' and I can do whatever I like on it without installing things as I got along. On Linux I can install away with the distro carefully looking over my shoulder and prompting me if I make a mistake. W7 and Vista on the other hand prompt me every step of the way. I appreciate this is a small thing, but to me, it becomes annoying if I have to click allow every time I try to install my AV, or Anti-Spyware or even WinRAR. Another thing that annoys the HELL out of me with UAC is DC++. With UAC on everytime a new build comes out it blocks it from Downloading, Searching etc. So I have to go in and reset UAC manually to re-allow it. This is just downright annoying, I mean, I have had DC++ installed for a long time and at times new build's are coming out weekly. So I have to go in and re-teach UAC that I trust this application. Even though it should very well KNOW I've been using it for months and it is the same application with a new version of the exe to run on.

basically no one took the time to take the time to fill in the password for admin at the time of set up..other OS how ever have used the "forced method" way befor MS had began this "forced non-admin approach" I agree with this aproach, how ever I dissagree having to have a bab sitter...

Luna Tick said: Mr. Kerry_Brown, I respect your point of viewand actually completely agree with you. I think that the security model introduced in Vista and refined in W7 is an absolute Godsent. Most of us, as many here noted, have neitherperceived nor actual need to run their session in full admin mode. I do applaud Microsoft for finally figuring out and implementing someting that Windows' users can actually use effectively. The hurdles one had to jump thru in previous incarnations (XP/2k) were not just impeding work, they were often making it impossible. Thus pretty much everyone was running an administrative account. With Vista and now 7, things are different. At most you're prompted to approve certain restricted action or maybe enter the password. Big deal.You're neither prohibitednor reported to authorities, mearly a node of approval. It's not a limitation, it'staking control of your system and asmall price to pay.To say that this OS is safer in the order of magnitude is an understatement. For years I ran a firewall which would prompt me to approve certain connections and it wasn't just on occasion, once every blue moon, but that is the way I liked it - I wanted to be in control of my LAN communication. But you see, it was in fact my choice to set things up/leve them bethis way. I saw value in that protection and so decided to use it. As such, and because of the things I either do with, or to my computers I may at the very least see UAC as redundant and unnecessary and since it is so, any price to pay may be too much. Now, it is irrelevant what it is thatI do with my computers that an approval prompt would madden or impede me, it is irrelevant whether that procedure actually does affect me at all. What is relevant is whether I want it. Let's just say that I'd liken it to selling you a car in Florida with mandatoryrust protection option. Some might even see value in that, some most definitely won't and no amount persuasion will convince them otherwise. Some, like me, have no need foractive virus scanners, mallware scanners, parental controls,file system restrictions etc. We implement security via other means and tools and the way we go about doing things. Either that, or we simply do not care.I'm not insisting others do as I do, they may not like it at all actually, therefore please educate but do to not insist I do as you do. We're different users, with different modus operandi.I wouldn't say that running without UAC is safe, but then I wouldn't say that it isn't.It really depends on what it is you do.What I would say (in my own case) is that to me it is irrelevant. I understand and have assumed certain risks and am prepared to consider possible consequences. But why? Well, that is for me to decide. It is the same reason why one walks the street without a stylish, protective bubble or we're (still) allowed to drive our own cars. Not everything is about safety or thinking of the children. There's a reason why race cars do not have airbags, and many (ordinary)people would fail to understand why. All that my drivel is about, is that in the end we as people and users should be allowed a choice in matters affecting their interaction with the computer.And thankfully, the choice is still present in 7. For that I at least, am grateful. YMMV. Htis is waht I been trying to say all along in the area of security and activation...at nay rate, yes we all are different for expample I dissabled the caching systems and a few other things, I wouldn't recomend doing this, however Up on my doing so I have a smoother opperating system and it is much happier..I have started making notes on waht I a, doing, so far after Nixing the SuperFetch, and nixing cahce, y sytems is running healthy..and I don't have laggy shut downs and laggy restarts..there are somethings that can be left out mabe let theuser chose to use certain systems settings or allow them not to use it.

Will01 said: Dont get me wrong Kerry. I agree with the principal of UAC. I disagree with it's implementation. For Ex. I have used many Linux Distro's, at the beginning of a fresh install I like to install all the applications I will use so as the PC is 'ready to go' and I can do whatever I like on it without installing things as I got along. On Linux I can install away with the distro carefully looking over my shoulder and prompting me if I make a mistake. W7 and Vista on the other hand prompt me every step of the way. I appreciate this is a small thing, but to me, it becomes annoying if I have to click allow every time I try to install my AV, or Anti-Spyware or even WinRAR. Another thing that annoys the HELL out of me with UAC is DC++. With UAC on everytime a new build comes out it blocks it from Downloading, Searching etc. So I have to go in and reset UAC manually to re-allow it. This is just downright annoying, I mean, I have had DC++ installed for a long time and at times new build's are coming out weekly. So I have to go in and re-teach UAC that I trust this application. Even though it should very well KNOW I've been using it for months and it is the same application with a new version of the exe to run on. I also use many distros of Linux. The behaviour you are talking about has more to do with how applications are written for Linux than how Linux works. Most Linux applications are written so that they can be installed in the context of a user rather than the system. In Windows, developers have taken the opposite path with most applications running in a system rather than a user context. This is an oversimplification but at the core it's a major fundamental difference in programming philosophy not the OS. Programs could be written to behave the same in Windows.Your specific example of DC++ is a perfect example of what I am talking about. If it was written to run in a user context you would never see UAC. As for UAC recognising a program update - how is UAC supposed to know if you updated the program or some malware attached itself to the program file? Kerry Brown MS-MVP - Windows Desktop Experience

Interesting Kerry, well, why is it not possible to tell UAC I trust this application regardless of whether the exe has changed? I am a beta tester for ApexDC++ and am involved in it's developement. I therefore always download from a reputible source. The chances of getting malware on the exe are virtually impossible.

Will01 said: Interesting Kerry, well, why is it not possible to tell UAC I trust this application regardless of whether the exe has changed? I am a beta tester for ApexDC++ and am involved in it's developement. I therefore always download from a reputible source. The chances of getting malware on the exe are virtually impossible. UAC is a fairly simple answer to a very complex problem. There is no way forUAC to know who or what processis changinga file with absolute certainty. All it knows is that the fileis beingchanged. UAC took the easy way out and always prompts you before allowing the change if the file is in a system area of the file system. This (so far because of Secure Desktop) guarantees that the user has control of who and what can change the file. UAC is more about giving you control rather than taking away control.There certainly may be other, possibly better ways of doing this but they would be much more complex. Complexity always reduces security. I think we'll see UAC and program development evolve over time so that eventually you'll hardly ever see a UAC prompt. Unfortunately given the way people ran Windows with elevated privileges all the time and the fact that programmers took advantage of this that time may be a ways off.To avoid UAC prompts when doing something you know is safe start the process from an elevated command prompt. Anything you run from an elevated command prompt will run elevated.Kerry Brown MS-MVP - Windows Desktop Experience