Windows Enterprise Desktop

Jan 7 2019   10:25AM GMT

Potential 1809 Admin Lockout Discovered

Ed Tittel Ed Tittel Profile: Ed Tittel

Tags:
Troubleshooting
Windows 10
Windows Upgrades

Here’s an interesting and new possible gotcha for Windows 10 1809, courtesy of Martin Brinkmann at Ghacks.net. It’s not inevitable, merely possible. The gotcha depends on two conditions to manifest. Condition 1: the built-in Administrator account is enabled (it’s disabled by default in Windows 10). Condition 2 is it’s the only account with admin level access a PC upgrading from 1803 to 1809. Should both conditions hold true, users of affected PCs would be devoid of admin-level access on those machines. That’s why I assert that a potential 1809 admin lockout discovered could pose problems for some PCs.

Potential 1809 Admin Lockout Discovered.nihoreport

For those who read Japanese, the original report from the Network & AD Support team in that language may make sense.
[Click image for full-sized view.]

Avoiding the Potential 1809 Admin Lockout Discovered

The easiest way to steer clear of this gotcha is to make sure to disable the built-in Admin account on 1803 PCs before upgrading them to 1809. Of courseĀ  the PC needs at least one other account with Administrator privileges. This prevents the problem from occurring altogether. According to Brinkmann’s article: “MS reveals that it is working on a solution for the issue.” In the meantime, they recommend avoiding upgrades on PCs where the built-in admin account is the only elevated account defined or available.

Here’s a quick way to check. Run Manage Accounts in Control Panel, then click “Manage another account.” You’ll see a list of accounts and their privilege levels appear in response. You want to see at least one account that’s not named “Administrator” with Administrator privileges to avoid the possibility of an admin lockout on a PC upgraded from 1803 to 1809. Then, it’s safe to proceed. Safer still, you could temporarily disable the built-in Admin account before upgrading, then re-enable it afterward.

Potential 1809 Admin Lockout Discovered.accounts

For various reasons, my production PC has two Administrator level accounts enabled: my usual login, and an “extra.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: