Renaming the Administrator Account

**razormoon** · August 15, 2007

OK THE FOLLOWING HAS BEEN TESTED AND WORKING!!!

HOW TO:

Renaming the god-mode Administrator account and Unattended Vista install.

You only need to do this once!

Do the following in the order shown!!!

First:

Click Start >> Run and type 'MMC' and Enter

Click File >> Add/Remove Snap-in...

In the left Window, scroll down and

double-click Security Configuration and Analysis

double-click Security Templates

Click OK

Second:

Create a new Security Template by:

Expand Security Templates

Right-click on default path (should be "%userprofile%\Documents\Security\Templates)

Click New Template...

Type "unattend.inf"

Hit Enter

Create a new database by:

Right-click Security Configuration and Analysis

Click Open Database...

Type "unattend.sdb" This directory is %userprofile%\Documents\Security\Database

Hit Enter

Type "unattend.inf" This directory is %userprofile%\Documents\Security\Templates

Hit Enter

Third:

Enter new Security changes:

Expand Security Templates >> %userprofile%\Documents\Security\Templates >> unattend >> Local Policies >> Security Options

Double-click Accounts: Administrator account status

Tic the box "Define this policy setting in the template"

Radio "Enabled"

Click OK

Double-click Accounts: Rename administrator account

Tic the box "Define this policy setting in the template"

Enter new Administrator name

Hit Enter

Make any other changes you wish:

UAC: Admin Approval Mode... = FilterAdministratorToken Should be disabled

UAC: Behavior of the elevation prompt for admin... = ConsentPromptBehaviorAdmin

UAC: Behavior of the elevation prompt for standard... = ConsentPromptBehaviorUser

UAC: Run all administrators in Admin Approval Mode = EnableLUA Should be enabled (Adversely affects Std Users!)

Close MMC

You don't have to save console settings if you don't want to, but you must save changes to template!

Remember, your new database and template should now reside in %userprofile%\Documents\Security\Database and

%userprofile%\Documents\Security\Templates respectively. Be sure to save the template changes.

Now you must edit INSTALL.WIM!

Mount INSTALL.WIM

imagex /mountrw x:\sources\INSTALL.wim 1 x:\temp "1" depends on your own image file

Copy the CONTENTS (ie; Database and Templates folders) of %userprofile%\Documents\Security folder to x:\temp\Windows\Security

Unmount and commit INSTALL.WIM

imagex /unmount /commit x:\temp

The above should be done before any unattend programs such as vLite and VistaUA.

Also, a pre-existing database file named SECEDIT.SDB exists in INSTALL.WIM. This is fine and you should not overwrite, delete or otherwise alter

this file!

HERE YOU MAY USE VLITE, VISTAUA, CUSTOMIZATIONS, ETC >>>>>>>>>>>>

WITH NO NEED FOR THE ABOVE REGISTRY TWEAKS

Add the following to setupcomplete.cmd (in \sources\$oem$\$$\setup\scripts\):

CMD /C secedit /configure /db %systemroot%\security\database\unattend.sdb /cfg %systemroot%\security\templates\unattend.inf /log %systemroot%\security\logs\unattend.log /overwrite /quiet

Add/Change the following to your PRE-EXISTING autounattend.xml !!!!PRE-EXISTING!!!!

If you already have an oobesystem pass in your autounattend, just add the items within.

<Value>"YOUR ADMINISTRATOR PASSWORD HERE"</Value>

</AdministratorPassword>

</UserAccounts>

<Username>"YOUR RENAMED ADMINISTRATOR ACCOUNT HERE"</Username>

<Value>"YOUR ADMINISTRATOR PASSWORD"</Value>

</Password>

</AutoLogon>

</component>

</settings>

NOTE: YOU DO NOT HAVE TO AUTOLOGON TO THE RENAMED GOD ACCOUNT, BUT THEN WHAT'S THE SENSE OF DOING ALL OF THIS?

If you have a better, faster and/or easier way of doing this, then I just wasted my time.

Brought to you by razormoon

Edited December 14, 2007 by razormoon

**razormoon** · August 16, 2007

If anyone can test if you can change the name in unattend.inf 'on the fly' (ie; if you can parse and edit name without going through the whole spiel) that would be greatly appreciated

**MAVERICKS CHOICE** · August 16, 2007

Just seems like a lot of c...ing around to me... hey but whatever does it for ya.

**razormoon** · August 16, 2007

Just seems like a lot of c...ing around to me... hey but whatever does it for ya.

Sure, it takes a lot, but once it's done to a fresh 'vanilla' image you don't have to do it again.

**razormoon** · August 17, 2007

I'm thinking that instead of injecting security folders into wim, one can conceivably store them in $OEM$\$$\Security. Much faster and easier. Also conceivable is that one can run the secedit command from AuditUser pass, no?

**MAVERICKS CHOICE** · August 18, 2007

I'm thinking that instead of injecting security folders into wim, one can conceivably store them in $OEM$\$$\Security. Much faster and easier. Also conceivable is that one can run the secedit command from AuditUser pass, no?

Sounds good here.

**Largo** · August 19, 2007

If you have a better, faster and/or easier way of doing this, then I just wasted my time.
Brought to you by razormoon

I tried several ways to do it (mainly with 3rd party tools and scripts) and arrived at the same secedit method.

During Vista deployment, the built-in administrator account is always renamed "administrator" or localized equivalent (administrateur in french), that's why one have to execute secedit after deployment.

I will try to use the SetupComplete.cmd file.

Razormoon> you should wrap your text in code tags to preserve your formatting with spaces/tabs.

Thanks for sharing your input!

Largo.

**razormoon** · August 19, 2007

I will try to use the SetupComplete.cmd file.
Razormoon> you should wrap your text in code tags to preserve your formatting with spaces/tabs.
Thanks for sharing your input!
Largo.

Honest to goodness, I usually wrap my code. Thanks for reminding me!

The SetupComplete method works like a charm.

**razormoon** · August 25, 2007

$OEM$ folder method tested and not working.

Edited August 25, 2007 by razormoon

**MAVERICKS CHOICE** · August 25, 2007

Back to the drawing board then....

**razormoon** · August 26, 2007

Not so bad. Injecting into install.wim works fine it just takes a little more time...

**c2483** · October 1, 2007

Can someone help me?

I've followed this guide a few times but always get the same problem?

On first boot up, it can't log in. So I click ok and enter the password and still cannot log in.

The name I changed admin to appears right on the log in screen.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SetupUILanguage>
        <UILanguage>en-US</UILanguage>
      </SetupUILanguage>
      <InputLocale>00040408</InputLocale>
      <UserLocale>en-US</UserLocale>
      <UILanguage>en-US</UILanguage>
      <SystemLocale>en-US</SystemLocale>
    </component>
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <UserData>
        <FullName>Charles Watson</FullName>
        <AcceptEula>true</AcceptEula>
      </UserData>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <AutoLogon>
        <Password>
          <Value>......</Value>
          <PlainText>true</PlainText>
        </Password>
        <Enabled>true</Enabled>
        <LogonCount>3</LogonCount>
        <Username>Charles</Username>
      </AutoLogon>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Home</NetworkLocation>
        <ProtectYourPC>1</ProtectYourPC>
        <SkipMachineOOBE>true</SkipMachineOOBE>
        <SkipUserOOBE>true</SkipUserOOBE>
      </OOBE>
      <TimeZone>Eastern Standard Time</TimeZone>
      <UserAccounts>
        <AdministratorPassword>
          <Value>......</Value>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ComputerName>charles-pc</ComputerName>
    </component>
    <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SkipAutoActivation>true</SkipAutoActivation>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="wim:D:/System/Vista/6001.16659.070916-1443_x86fre_Client_en-us-FB1CFRE_EN_DVD/sources/install.wim#Windows Vista ULTIMATE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

**razormoon** · October 1, 2007

Are you sure you have defined your security policies in \Windows\Security? Checked all the necessary options? If so, did you inject into install.wim and made a call to secedit from setupcomplete.cmd? I've heard of some users having trouble with the setupcomplete.cmd method. What you can do is move that call from the setupcomplete.cmd and put it in your autounattend.xml as such in <settings pass="specialize">:

        
<component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Order>1</Order>
                    <Path>CMD /C secedit /configure /db %systemroot%\security\database\unattend.sdb /cfg %systemroot%\security\templates\unattend.inf /log %systemroot%\security\logs\unattend.log /overwrite /quiet</Path>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>

In the meantime, I'll just edit the above to make the call from autounatted.xml as opposed to setupcomplete.cmd.

EDIT: THE ABOVE DOES NOT WORK FOR ME SO REVERTING ORIGINAL POST TO SETUPCOMPLETE.CMD

Edited October 3, 2007 by razormoon

**godinger** · November 30, 2007

You could also call renuser.exe (not a MS utility, but free) via a sync script in OOBE phase. This avoids having to modify the original image. This is how I do it and it works without issue.

**oidicle** · December 7, 2007

Hi razormon, I've folowed your guide up to the part where I mount the Install.wim...

I can't seem to find that "x\temp" folder you referenced, I'm assuming the "x" is the the drive path or systemdrive... I've searched all my drives and there's no "temp", must I create it myself or what? I just need to drop those files I've created, the only thing that shows on the install.wim is "components" and "Packages"

please advise

nevermind, I've figured it out... but there's still one prob though, I don't have the "setupcomplete.cmd" file, is it really necessary, how do I create it?

Edited December 7, 2007 by oidicle

Sign In

Renaming the Administrator Account

Recommended Posts

razormoon

razormoon

MAVERICKS CHOICE

razormoon

razormoon

MAVERICKS CHOICE

Largo

razormoon

razormoon

MAVERICKS CHOICE

razormoon

c2483

razormoon

godinger

oidicle

Please sign in to comment

Recently Browsing 0 members

Activity

Browse