Jump to content

delete XPs forced 2nd administrator accts


Molecule

Recommended Posts

first install of XP

install goes smooth to logon screen

then it won't give me a logon screen

instead I get this bouncing bubblegum supergod ... and it won't let go and a right click go-away does not make it go away

it's some kind of a wierd MS virus? (the machine has never been on the internet)

compared to the businesslike solidity of Windows 3.111 I can't believe this is actual Microsoft product

the humiliating bouncing questionmark thingie (it's so cute! I'm very impressed!!)

requires that I choose to be bothered by popup bubbles warning me that my computer might be in danger even though it's not connected

then I have enter one to five secondary administrative level accounts, which the thingie calls user accounts (without warning that these are admin accounts)

Control Panel, User Accounts, double click secondary Admin user, doesn't have a delete option

I want only one administrator in my machine

this MS ?-bubble gumthingie requires that there are TWO!

the admin account I want has to be typed in as "Administrator" at first logon, and I want to delete all these secondary administrators, or change them from admin to limited user

can someone help a total noob

also, when I install a program like Total Commander, which doesn't have registry entries (to manage program installations), and when I want TC to be available to all users, how do I do that? do i have to install it in every user's documents and program files?

for some reason Ultradefrag installs (without option) to c:\windows\ rather than to c:\program files\ ... is that normal for XP installs?

I am such a noob ... I am totally humiliated to ask these questions.

thanks!

Edited by Molecule
Link to comment
Share on other sites


The obligation to create an administrator account at 1st logon is a limitation of WinXP Home.

You can still disable any of those with the "net user" command, or rename the built-in "Administrator". Still having 2 administrative accounts comes handy when one of them gets unusable, it makes sense.

compared to the solidity of Windows 3.111 I can't believe this is actual Microsoft product

Is this your 1st upgrade since Win 3.11 ?

Link to comment
Share on other sites

thanks Ponch!

XP Home? ... interesting?

frightening actually ... since maybe that's what I have?

I pd $160 for it (out of fear), 5-10 years ago, Microcenter (big box) and never tried to install it until now ...

installing now only to verify that some snags with 2K extensions with usb are not mobo or chipset

then I probably revert back to 2k ... tomasz86 is starting to wrap up a USP5.2 nicely

yes I loved windows 3.111 ... I'd still use it if hardware and software was available. now, I am still using 98se

I'm interested to learn that this humiliating dongle is not supposed to show up in an XP pro install ... it really does not have the look and feel of Pro, though I don't know pro from nuttin

the COA and MS envelope sticker and cd itself all say XP professional

The envelope says " Product Description: Windows XP Professional SP3 English 1pk DSP OEI CD"

the COA say "Microsoft XP Professional OEM Software"

the CD is labeled "GRTMPOEM" (i.e. default ISO name using ImgBurn)

is there a way that I confirm that I have XP pro and not XP Home?

When I right click My Computer, and select Properties, the General tab says

"Microsoft Windows XP Professional, Version 2002 Service Pack 3"

that's a very funny version number .. shouldn't it be 5.1.xxxx?

that install is built with RyanVM Integrator using QFE's UpdatePack ... maybe he added the wierd version number ... doesn't seem like he'd do that though

the files (names, sizes, dates) on my CD compare identically with downloads of XPpro images, except that my ISO is 30 meg smaller ... I figured the diffrence was the way the ISO was compiled ... thus the hash is ifferent but the file names, sizes and dates are identical

Microcenter is a huge operation .. they wouldn't do fraud ... arghhh

Link to comment
Share on other sites

Sorry my 1st statement may be false (and all you conclusions from it unfounded). I haven't performed a standard installation of XP Pro since a long time :blushing: . I can't remember whether it was possible to skip the Out of the Box Experience (OOBE) wizard or not. Still I remember there was that difference with XPHome which is relevant but now you say you have "Pro" should not affect you:

http://support.microsoft.com/?kbid=290109

+To give acces to a program to all users, it's the same as for Win2k, you put a shortcut in the "C:\Documents and Settings\All Users\Start Menu\Programs" folder or in "All Users\Desktop".

Link to comment
Share on other sites

I didn't ask how to give access to users ...

I want to know from what account do I install?

how to I encourage a program installer to place its program under C:\Program Files

(I don't want them all over the place)

I also disagree with you that x+1 admin accounts are safer than x admin accounts

and 4 admin acounts are safer than 3

and 3 admin accouints are safer than 2

and 2 admin accouints are saqfer than 1

it's the same logic

I want one admin account ... ont eh front side of the disk ti says XP pro ... but on the digitial side, it installs XP Home

I clearly have XP Home ... I just installed again

(a) there's no install screen to enter domain name and password

(B) there no account as "Administrator"

© during isntall I'm not allowed to setup an account called Administrator

(d) I can only access Administrator as Administrator in safe mode (Where i can delete other accuonts)

thank you for helping me mount that learning curve -- this is fraud and I'm putting it under a new thread

Link to comment
Share on other sites

thanks jaclaz ... I didn't see your answer before I answered above ... is that the case for all versions of XP

In 2000 you just get a logon and you have to enter passwords

In XP 2002, you can't enter Administrator as an account and you can't delete the fake administrator that you have to enter and the fake administrator that you have to enter doesn't need a password to log on

is that the standard for XP professional?

I'm opening a new thread on this ... the hologram picture side of my CD disk says "XP professional" ... the digital side of disk is XP Home

Link to comment
Share on other sites

Or "Show" on Welcome (result should be the same)...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"administrator"=dword:00000001

Set to "0" for "Hide"...

This is what I've been using. Don't screw with the other Special Accounts. "Autologon" for it is a different story (REG entries)...

Thx, jaclaz - will try it out. ;)

FYI - nLite will allow for this by NOT entering an additional User-ID. Seeing as how you have an OEM, you might try it out but WATCH IT if you're multi-booting (auto-partitioning). However, IF you do that, the first time the Admin Account creates ANY new user it will "automagically" disappear and you have to use the methods given.

Yes, that's "standard" and you CAN access the "hidden" Admin in F8-Safe Mode.

Edited by submix8c
Link to comment
Share on other sites

It's one of the known nuisances introduced by Windows XP that all long time NT and 2K users (at the time) reported as being a senseless change.

Since the dawn of time any NT 3/4 and 2K users have logged in with the name "Administrator".

The "intended use" on a NT system of the user "Administrator" has always been that of being used ONLY in exceptional occasions and have a more "normal" account for everyday use (not unlike "root" is on a Linux system).

So, the "canonical" way has always been that of having at least two accounts one called "Administrator" with administrator powers ;) and another one (with whatever powers/privileges one sees fit).

This is because the "intended" target was "enterprise".

The fact that a number of users - normally NOT "enterprise" ones, liked to have one account only (the "Administrator" one) is marginal as it is outside the WHOLE concept of security and permissions.

But, unless you knew that an "Administrator" account existed, you were NOT prompted to login with one, as the login in NT and 2K shows only "last user logged", most people in an enterprise setup only knew it existed because they saw the "IT guy" accessing it.

XP, as I like to say, is 2K with added a toyish look but it was intended to be the one-size-fits-all for everyone, form the large company to the home user.

Among the "toyish look" added is the new login screen that actually lists all the users on the machine (together with a senseless icon).

So, instead of plainly documenting (in a proper way) WHY there should be only one (the "Administrator") account with Administrator powers and another one with lesser powers to be used everyday, the good MS guys made the choice of:

  • make the Administrator account "hidden" in XP Pro <-so that the user in an "enterprise" doesn't even know that it exists, and the IT guy makes for the user "another" account
  • make the Administrator account "hidden" in XP Home AND make it only accessible in Safe mode <- the actual reason for this is still to be AFAICR guessed properly

The actual issue being that the "classes" or "groups" of users in XP are still the same as the good ol' NT ones, as said aimed EXCLUSIVELY to the "enterprise" world.

Raise your hand you that have been elected "backup operator" or "replicator" in your house and thus have an acoount with those provileges.

Raise your hand you that have thought that "Power user" was too high a rank for your knowledge of the OS (BTW that is the "right" setting for "everyday use" of an "advanced" user)

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/lsm_local_groups.mspx?mfr=true

Besides some being, like "backup operator" and "replicator" absolutely senseless, the "default" groups have not sufficient "granularity" of the "privileges" by default accompanying these groups

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_security_default_settings.mspx?mfr=true

and creating a new group and checking all the "right" permissions is on of the biggest PITA ever invented by MS.

Obviously the "other" account was made with "very limited" privileges in the actual "enterprises" and as "full privileges" (i.e. same powers of the "Administrator") one on all the rest of the PC's (thus COMPLETELY vanifying the whole idea of "limited privileges" security in the large majority of installs).

Even in most enterprises, once the IT guy has been called n times to solve an issue or install a program by an user that had been given the plain "user" privileges, he/she got fed up and decided that it is much easier to give full power to the user and when and if the install gets screwed, re-deploy the OS form a backup or outright install it from scratch (who in IT ever cared about user's data outside the strictly complying to company policies ones?)

Since it was a complete fail, when Vista :ph34r: came out, MS, again INSTEAD of properly documenting the reasons why, tried to enforce the idea with the UAC.

And obviously, again everyone found a way to diasable UAC and going on as before. :whistle:

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

thanks submix8c ...

and jaclaz especially ... that was a beautifully clean and clear explanation of a whole lot of history ... it all starts with the minset ... and I appreciate that you understand that that's what I need to understand

the whole question of what's-an-administrator even goes back to question of, "What happened to DOS? ... That dosbox is phoney as all get out!" Gill Bates stole dos from some guy in San Francisco and then he comes out with 2K and XP and steals it back from us, after he sells it to us ... now we are left with bubblegum dos in a box ... (Thus, proudly, I am the Chief Bubblegum Administrator around here, got it boyz ... harharhar111) 3.111 workgroups gave owners contorl ... there was no sneaky dishonesty about who's hidding dos ... all gui windows are really just bubblegum sitting on top of dos ... windows 8 is now up to what 30 gig of bubblegum? ... sitting on top of maybe a meg or two of dos ... shameful! F6 anyone? so then the question came up, should "we -- you know, the noble gill bates" allow "those clueless owners" to have "administrative access" to their ownership underlayers ... HARHAR said the pirate ... Access denied, even in safe mode.

total noob here but I still like the idea of 1 "Senior-Chief Administrator of the Bubblegum" (S-CAB at the windows level) ... so now I'm a S-CAB (haha) and I need discretion (uh ohh) ... nice to know about safe user history.

@submix8c .. thanks for the reg tip ... I finally figured out that I don't need to convert reg to inf for nLite ... just pile up the regs and run them from a batch in runonce ... (slow learner here ... somewhere back when I got my brains stuck in this gigantic vat of boiling gooey bubblegum ... it was almost totally inescapable (in-^[-able ... did I remember that right?) so it took me a long time to finally crawl out ... one of these days I'll make my way back to good old dos

I sure wish I had better feelings that the sha1 or md5 of my cd are good ...

Link to comment
Share on other sites

Unless your CD is properly "imaged" there's no way to be sure about SHA-1/MD5. If you "ISO-image" it you have to be sure that ALL trailing hex-0's are gone as they "throw it off" AFAICR, saving the Track in Nero would be good. Other CD tools also work (can't remember which) but it MUST be done as ISO or it won't be right. A Hex Editor would allow "deleting" those pesky trailing hex-0's. Hashmyfiles will provide them after PROPER ISO creation and then just search the internet to cross-check. I kind of doubt yours is "bogus" so you shouldn't worry about that as your description sounds legit. ;)

Link to comment
Share on other sites

I think that Microsoft made Windows XP accounts this way for three reasons:

1. The main idea is an administrator that controls some other restricted users (wife, kids e.t.c.)

2. On the other hand Windows XP is the sequel of Windows 9x/Me also and not only Windows NT, in Windows 9x/Me there are no user restrictions.

3. Programs that worked on Windows 9x/Me often won't work with a restricted account.

The final concept is that whoever has control of the non-deletable Administrator account (secures it with a password after the installation) has the control of the system. He can create, delete or change the type of any account at will. The accounts that are created at installation are all administrator ones but they can be changed afterwards by the one who has the Administrator account. This can anyway be done by the user who does the installation (change all the accounts but his own to restricted ones) but in case there must be more accounts with administrative rights the Administrator one still gives the control of the system to the "real" administrator.

Link to comment
Share on other sites

I think that Microsoft made Windows XP accounts this way for three reasons:

Sure :), as said it is the attempt to make a "one-size-fits-all OS for both "networked enterprise" and "home user".

As an example, it makes no sense whatsoever to have user access to a personal laptop or notebook, or if you prefer, it makes as sense as it does to have several users on your cellular phone (you may have a PIN to access it, but you don't log in to your phone as member of groups like "Administrator", "Backup Operator" or "Can receive but not call", "Can call but not receive", "Can call and receive BUT not send MMS" etc. ;) )

Now, raise your hand you that have used the NTFS quotas at home..... :whistle:

jaclaz

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...