Windows 8/8.1 and Windows Server 2012/R2: ‘Application’ can’t be opened using the Built-in Administrator account

Hi guys,

If you are familiar with Linux you already know that you should never run Applications as ‘root’, doing so on a web browser or IRC Client can compromise your security and put you at risk, but sometimes you want to do that specially if really know what you are doing in a controlled environment.

On Windows environments the Linux ‘root’ account equivalent is the Built-in ‘Administrator’ account, if you are the kind of Sys Admin guy that manages Production environments with such accounts please be sure you report that back to your manager so that he can shoot you in the head and he does that twice just to be sure you’ll never do it again. THAT’S LAME!

So as you go along with Windows 8/8.1 and Windows Server 2012/R2 you will notice several security tweaks that came out of the box, one of those is that Built-in Administrators are unable to run Modern UI Apps, it has been restricted through the Local Security Policies.

Here are some examples:

Store can’t be opened using the Built-in Administrator account. Sign in with a different account and try again

Capture

While running Windows update (e.g. on WS 2012 R2 w/ Desktop feature installed) – Internet Explorer can’t be opened using the Built-in Administrator account. Sign in with a different account and try again

Capture1

To workaround on this just do the following:

1. Modify the Local Security Policy

Open ‘cmd.exe’ with Elevated privileges and run:

secpol.msc

On the ‘Local Security Policy’ Window, expand:

Security Settings –> Local Policies –> Security Options

Scroll all the way down on the right pane and set the following Local Security Policy to ‘ENABLE’:

User Account Control: Admin Approval mode for the Built-in Administrators Account

image

2. Edit/Verify the Registry

Run ‘regedit.exe’ and Edit or Verify the following Key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem
Value type: DWORD 32bit
Value name: EnableLUA
Value data: 1 (hex: 0x00000001)

image

3. Reboot the Machine

Now you should be able to run Modern UI Apps with Built-in Administrator accounts.

R-Tape Loading error,
Luís Rato

Anúncios

~ por Luis Rato em 7 de Outubro de 2013.

Deixe uma Resposta

Preencha os seus detalhes abaixo ou clique num ícone para iniciar sessão:

Logótipo da WordPress.com

Está a comentar usando a sua conta WordPress.com Terminar Sessão / Alterar )

Imagem do Twitter

Está a comentar usando a sua conta Twitter Terminar Sessão / Alterar )

Facebook photo

Está a comentar usando a sua conta Facebook Terminar Sessão / Alterar )

Google+ photo

Está a comentar usando a sua conta Google+ Terminar Sessão / Alterar )

Connecting to %s

 
%d bloggers like this: