Executive summary questions: With Windows 7, what are the functional differences between the built in Administrator account and a domain account put into the local admin group? Is there a way to make a domain account put into the local admin group equivalent in powers to the built in Administrator (as it was in XP)? [*without* disabling UAC, as I saw one suggestion in another thread] Is there any official documentation/MS Whitepaper that delves into this topic? Slightly longer rambling: I've been frustrated by situations where we need to use the local administrator account to accomplish some task or install certain software. The password to builtin\administrator is NOT something I want to be passing around to the entire IT department. If one does an Internet search on "build in administrator Windows 7" (or something along that line) there is a lot of off-the-cuff discussion about how the built in administrator is different in that it is not a split token (as with accounts put into the local administrators group), but I haven't seen any authoritative references, discussion or documentation about what exactly "builtin\Administrator" can do but "domain\AdminInLocalAdminsGroup" cannot, or how the latter account can be given equivalent powers to the former. If anyone can answer the above questions and/or point me to a really good resource on this topic (I've searched the MS web site, MS Premier and the net in general) they will have my eternal gratitude.

Hi, We can make a domain account put into the local admin group, you can install/uninstall or update without problems. There are three kinds of accounts, built in Administrator, domain administrator and domain account in local admin group. Domain admins are automatically members of the local Administrator group but not vice versa. This means that a local admin has no access to servers or other PCs unless the account names & passwords are synchronized. If the local network disconnect and the cache is refreshed, sometimes you will find that the built in Administrator can logon but the domain\Admin in local admin group cannot.

Thanks for your reply. I'm aware of the differences between local and domain accounts, the issue is that in Windows 7 a domain account that is a member of the local administrator group (whether automatically by virtue of being a Domain Admin or not) does not have the same powers on the machine as the built in Administrator. I want to know exactly what those practical differences are (e.g. registry keys that can't be modified, etc) an what can be done to make Windows 7 non-built-in-but-local-administrators behave just like XP/Win2K/NT.

I'm sorry but I don't ask the question because of UAC. I ask the question because we've run into engineering matters where only the local admin account count accomplish a task. I'll just get the specifics and open a ticket with technical support.

Hi, Usually there is no problem to accomplish some task and install certain software with local administrator account. So could you describe your task or installation detailedly?

Hi, I think that maybe UAC is the reason why you ask this question. If you disable UAC in Winodws 7, the non-built-in but loacal administrator behaves no difference between Windows 7 and Windows XP. There is only one built-in Administrator but you may create lots of accounts in local aministrators group. As we all know, the SID of built-in and other administrators are different. This makes for bad programming logic by third party. So UAC has been designed since Windows Vista. User Account Control Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc709691(v=ws.10).aspx Hope that helps.

Hi, Was hopping a clear answer, thanks for people trying to help, but always the same Captain Obvious answers (IVan-Liu, you seem very nice but do you really read what Bill_Ky wrote ? "usually there is no problem to accomplish some tak and install certain sw with local admin account" are you serious dude ? that's exactly what Bill_Ky is explaining since the beginning !). let me try to explain it as simple as possible : => When using a domain account, that is well added in local admins group, and so, supposed to have admin rights, I am not able to install certain programs (not all of them, only some) while using the local administrator account allow me without any problem. WHY ? Right click "run as admin" does not help, disabling UAC neither. UAC prompt or not, UAC enabled or not, I can do one thing with local admin, not with an account part of local admins group. Still waiting for the real specialist to answer this...