Geeks in Phoenix

Geek Blog


How to enable the local administrator account in Windows without logging in

Having a Standard user account in Windows is great for security, as it prevents malicious software from installing. But what happens if you need to install software and do not have administrative privileges? Here is how to enable the local administrator account in Windows without logging in.

How to enable the local administrator account in Windows without logging in

I recently had a customer with a somewhat unique problem; she needed to install software on her computer, but her user profile was only a Standard user. She shared the computer with her husband; his account was an Administrator user, and he used a Microsoft account for logging in.

But unfortunately, her husband passed away, and she proceeded to take care of her husband's affairs. In the process, she disconnected his cell phone and deleted his e-mail address. It was not until she needed to install some software on her computer did she realize she did not have administrator privileges.

The easiest thing to do would be to perform a clean installation of Windows. But since there was tax software that she could not reinstall, wiping the drive and reinstalling Windows was the last option.

And since all forms of recovering her husband's Microsoft account were gone, the only thing to do was enable the hidden local administrator account and change her account from Standard to Administrator. Since her account was only a Standard user, using a NET command line was impossible, so this would take a little more work.

Note: The following procedures require Windows installation media, editing the registry, and the BitLocker decryption key (if your drive is encrypted). Editing the Registry incorrectly can cause your computer to have errors and possibly not booting. If you do not feel comfortable editing the registry, please get in touch with a local computer technician for assistance.

The first step is to create the installation media, which will require a USB drive 8GB or larger. You will need administrative privileges to make the media, so you may need to create the media on another Windows system with a user with administrator privileges.

Create Windows 11 installation media

Create Windows 10 installation media

The second step is to check if the drive in your computer is BitLocker encrypted. The easiest way to find out if any of your drives are encrypted is by checking their properties in File Explorer.

  1. Open File Explorer using one of the following:
    1. Left-click on the File Explorer icon (manilla folder) on the Taskbar.
    2. Press the Windows logo key Windows logo + E at the same time.
    3. Use the Power User menu by right-clicking on the Start Windows logo button and selecting File Explorer.
  2. In the left-side column, left-click on This PC.
  3. In the right-side column, check the icons for the drives. Drives that are encrypted should have a little padlock in the icon.

If your drive is BitLocker encrypted, use the following link to log in to your Microsoft account and find your recovery key. If another person set up your computer, they might have the recovery key inside their Microsoft account. Once you get the BitLocker recovery key, print it out or write it down for future use.

Locate my BitLocker recovery key

Next, you will need to boot up your computer using the installation media. The easiest way to do this is to use the Advanced Boot Options. Make sure you have the Windows installation media connected to your computer before proceeding so that it will appear as a bootable device listed in the Advanced Boot Options.

How to get to Windows 11 Advanced Boot Options

How to get to Windows 10 Advanced Boot Options

Once you get to the Advanced Boot Options, select Use a device and choose the media you created earlier. Your computer will restart and boot from the installation media.

  1. When the Windows Setup dialog box appears, left-click on Next.
  2. On the following dialog box, left-click on Repair this computer. At this point, you may be prompted for a decryption key. Input it in the space provided and continue.
  3. On the Choose an option page, left-click on Troubleshoot.
  4. On the Advanced options page, left-click on Command Prompt.
  5. In the Command Prompt, type regedit and press Enter.
    Starting the registry editor from a command prompt
  6. In the Registry Editor, highlight HKEY_LOCAL_MACHINE in the left-hand column.
    HKEY_LOCAL_MACHINE selected in the registry editor
  7. With HKEY_LOCAL_MACHINE highlighted, pull down the File menu and left-click on Load Hive ....
    Load hive selection in the registry editor
  8. Locate the local drive that has Windows installed on it, then navigate to the Windows>System32>config folder.
    Drop down menu showing the Windows folder location
  9. Left-click on the file named SAM (Security Account Manager) and select Open.
    Selecting the SAM hive to load
  10. When prompted for a Key Name, give it a unique name (we used TempSAM) and select OK.
    Load hive key name
  11. Expand the registry hive you just attached, and navigate to:
    Computer\HKEY_LOCAL_MACHINE\WhateverYouNamedYourHive\SAM\Domains\Account\Users\000001F4
    The registry editor open to the F binary value
  12. Double-click on the F binary value to edit it.
    The default 00000038 binary value
  13. In the Edit Binary Value dialog box that appears, change the value at 00000038 from 11 to 10, then select OK.
    The modified 00000038 binary value
  14. Close the Registry Editor and restart your computer.

The local administrator account should now appear as a logon option and has no password by default.

Free computer diagnostics

Repairing a PC can sometimes be expensive, and that is why we offer free basic in-shop diagnostics. Give one of our professional and experienced technicians a call at (602) 795-1111, and let's see what we can do for you.

Check out our reviews

Geeks In Phoenix LLC, BBB Business Review

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. We aim to give the highest quality of service  from computer repair, virus removal, and data recovery.

Bring your computer to us and save

Repairing a computer can be time-consuming. That is why we base our in-shop service on the time we work on your computer, not the time it takes for your computer to work! From running memory checking software to scanning for viruses, these are processes that can take some time.

Contact us

If you have any questions, please feel free to give us a call at (602) 795-1111  and talk with one of our Geeks. Or you can send us a message from our contact page contact page , and one of our Geeks will get back to you as soon as possible. Or you can stop by and see us. Here are our hours and location.

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube