# Can't Elevate to Administrator - Win 10 Home, no hidden Adm



## brianmi40 (Jan 29, 2017)

I am unable to elevate my account on my *Win 10 PC Home Edition* to Administrator. Right now, it's keeping me from installing Dragon Naturally Speaking 13, and R-CLICK "run as Administrator" doesn't work to install. I am the only user of the PC and it was the free upgrade from Win 7, originally configured with just Local Account. All works OK (i.e. no problems logging in), but can't add User Accounts (ostensibly Standard...), and can't enable Hidden Administrator account to use to elevate my account. Only relevant history was about a year ago, a MS Tech did many steps to get the PC OUT of Hidden Administrator mode I had enabled to troubleshoot some install, but I then couldn't disable afterwards to run apps it was preventing from running. Here's what I know so far:

a. Using (elevated) CMD for "net user administrator /active:yes" gives "system error 5 has occured. Access denied"
a. I have no "Family & Other People" option listed, in my Settings Accounts
b. Using "User Accounts" OR "netplwiz" to add a new Local User account yields error "0x80070005" (a rights denial?)
c. NETPLWIZ from normal boot Win GUI shows my Microsoft User Account listed ([email protected])
d. Using SHIFT-RESTART to get to Advanced Options and Selecting Administrator as the account to launch CMD from lets me run NET USER, but the only accounts listed are:
- Administrator
- DefaultUser
- Guest
(why isn't MY account shown in the list??)

e. Also In SHIFT-RESTART CMD (ostensibly as hidden Administrator, right?) "NET USER BILLYBOB" does not create a new user account, complaining about not being able to add to Local Users
f. Also in SHIFT-RESTART CMD navigating to c:/Windows/System32 and running NETPLWIZ launches user account window, but clicking "ADD" does nothing, so unable to add a user therein.
g. Also in SHIFT-RESTART CMD, "SFC /SCANNOW" errors out with no details

I'm pretty much one notch away from attempting a local re-install, just hating the idea of reinstalling all my apps from the non-destructive reinstall that leaves Data (not the android) alone...

Any and all ideas greatly appreciated!


----------



## jenae (Mar 17, 2013)

Hi, press the win + x key together, from the menu select command prompt(admin).

At the prompt type:-

*Net user administrator /active:yes*


----------



## brianmi40 (Jan 29, 2017)

Sorry, should have specified that I was using an elevated CMD prompt when the "net user administrator /active:yes" failed for me. Thanks for the reply though!


----------



## TonyB25 (Jan 1, 1970)

The account you're using now isn't an Administrator?


----------



## brianmi40 (Jan 29, 2017)

No, as stated, that's what I'm trying to achieve, my user account has no Administrator rights, AND, I can't enable the hidden Administrator account to even try and grant them to it. Thanks for the reply.


----------



## brianmi40 (Jan 29, 2017)

Just noticed I cannot launch UAC, either from typing User Account Control in Start menu and getting the option to launch it from there being listed as in Control Panel, nor will it launch from Security and Maintenance in the Control Panel. Clicking the blue link for it (Choose Your UAC Level) does nothing.

Beginning to have the word VIRUS enter my mind, but I'm a pretty cautious surfer and emailer, especially as an ex-fortune 1000 Help Desk Manager. I definitely never open emails from unknown sources, and am even more cautious with email attachments from family / friends. As for web sites more dubious than something like a CNET, I always do a check of their safety rating beforehand, or just stay away from them.

I hesitate to say the word (VIRUS), because it's so likely to cause the knee-jerk reaction of "reinstall Windows"...

Windows Defender (again Win 10 Home...) is up to date, and running a Complete Scan just now shows nothing. So both Hope and Time are getting in shorter supply to solve this... Again, hyper-appreciative of anyone suggesting a fix before I pull the lever and re-install...


----------



## TonyB25 (Jan 1, 1970)

What account type is it?


----------



## managed (May 24, 2003)

If you have a Windows 10 install DVD or USB stick you can boot to it and try Option 4 here :-

https://www.tenforums.com/tutorials...ount-enable-disable-windows-10-a.html#option4


----------



## jenae (Mar 17, 2013)

Hi, the fact that an elevated cmd prompt is giving an error 5 confirms you have a problem with UAC.

The above link will require you to use gpedit for one option it is not available in win 10 home, it would help to check to see if the account is disabled (you can do this). Unfortunately the reg mod to the sam hive( 11-10) most likely will not stay (UAC).

Press the win + x keys together from the menu select command prompt(Admin) at the prompt copy and paste all below (highlighted in red to make it easier, does not need to be copied in red)

reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" > 0 & notepad 0

Press enter, please copy paste the notepad output here (perfectly safe, we are just checking the registry status of UAC)


----------



## managed (May 24, 2003)

@jenae are you referring to my link in post #8 ? Gpedit is never mentioned in Option 4 and the reg mod is carried out after booting into Windows 10 install so I don't think UAC applies either.


----------



## jenae (Mar 17, 2013)

Hi, I never mentioned option 4 "The above link will require you to use gpedit for one option it is not available in win 10 home"

The UAC problem is not going to be effected by modding the registry, to get the admin account working. So we still need to see the registry key details I asked for.


----------



## brianmi40 (Jan 29, 2017)

TonyB25 said:


> What account type is it?


Assuming you mean Administrator versus Standard, then it would be Standard. If you mean Local versus MS, it was Local but I made it MS in attempts to rectify this weekend, makes no difference in these latter alternatives.

(edit): Reason for switching to MS account mode from Local was since it was the free upgrade from Win 7, I wanted to have it register the license online for me in case I have to burn it down somehow...


----------



## brianmi40 (Jan 29, 2017)

managed said:


> If you have a Windows 10 install DVD or USB stick you can boot to it and try Option 4 here :-
> 
> https://www.tenforums.com/tutorials...ount-enable-disable-windows-10-a.html#option4


That could work, but since the walkthough at the link you gave indicates 3 ways to get to enable Hidden Administrator and the 3rd way, which is one that's failing for me, I'm a little doubtful the other methods will work, as Net User seems "blocked" from being able to enable the Hidden Administrator, seemingly from a different issue. But, I can give a go, using Rufus to build a thumb drive from the MS ISO if need be. But will take a while to pull down the ISO and build the USB drive from it.

I'm going to try JENAE's Reg Query and see where that takes us first. Thanks for the response though!


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, the fact that an elevated cmd prompt is giving an error 5 confirms you have a problem with UAC.
> 
> The above link will require you to use gpedit for one option it is not available in win 10 home, it would help to check to see if the account is disabled (you can do this). Unfortunately the reg mod to the sam hive( 11-10) most likely will not stay (UAC).
> 
> ...


I cut and paste your exact red line, but elevated CMD prompt is having none of it, just yields Access Is Denied... (after a prompt that file doesn't exist, so I responded to create it).

It's seemingly like being between a rock and a hard place, as I wondered about deleting all user accounts (regedit?) and if that would force the PC to boot into Administrator on a reboot, or, if it would drop me in as Guest!?!?? (EDIT) but that may require Admin rights to do anyway...?

Thanks!


----------



## brianmi40 (Jan 29, 2017)

managed said:


> If you have a Windows 10 install DVD or USB stick you can boot to it and try Option 4 here :-
> 
> https://www.tenforums.com/tutorials...ount-enable-disable-windows-10-a.html#option4


As the saying goes, it always gets darkest right before it goes pitch black... Unable to run the MS ISO Download Tool (MediaCreationTool.exe located at: https://www.microsoft.com/en-us/software-download/windows10 in order to pull down the Win 10 ISO to use with Rufus on a thumb drive... It simply says "There was a problem starting Setup, restart your PC and try again", and of course, after a reboot, trying again just repeats the message... Does it need Admin to pull the image and put the ISO on media? (EDIT: yup, buried in instruction "must be Administrator"...)

Darker and darker...

Headed to my second PC to pull it down to the thumb drive... where there's a will there's a way... (EDIT: flash drive almost built on PC #2)


----------



## brianmi40 (Jan 29, 2017)

OK, MediaCreationTool says the Windows 10 ISO is ready to go on my Thumb Drive... If we're out of ideas, I can burn it down if I have to... again was just hoping to somehow avoid that despite clear recollections of how beneficial / necessary that was to do periodically going back to Windows 3.1 (or Windows for Workgroups, or as it used to be called "Windows for Warehouses", since it didn't sell...).

*History anecdote to skip*: Started out managing a Radio Shack at age 19 selling TRS-80 Model I's and wonderful software like "Cassette Payroll", managed one of their early mall stores with a separate computer department with among other items the Model II's with the 8" floppy drives... then later worked in Egghead Discount Software corporate sales group, then did grand opening of 2nd Egghead Discount Software store in Houston, near Compaq headquarters, then off to manage all PC support at Kwajalein Missile Range (now Ronald Reagan Test Site) for 5 years, returning to Clearwater FL and a "big international retail brokerage with local football stadium naming rights" in our area to manage their Help Desk (2 locations, here and Detroit) for 15 years...

Thanks to all tossing an idea or two my way!


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, the fact that an elevated cmd prompt is giving an error 5 confirms you have a problem with UAC.
> 
> The above link will require you to use gpedit for one option it is not available in win 10 home, it would help to check to see if the account is disabled (you can do this). Unfortunately the reg mod to the sam hive( 11-10) most likely will not stay (UAC).
> 
> ...


Tried your command again, leaving off the > 0 & notepad 0 and it worked to show:

C:\WINDOWS\system32>reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x5
ConsentPromptBehaviorUser REG_DWORD 0x3
DSCAutomationHostEnabled REG_DWORD 0x2
EnableCursorSuppression REG_DWORD 0x1
EnableInstallerDetection REG_DWORD 0x1
EnableSecureUIAPaths REG_DWORD 0x1
EnableUIADesktopToggle REG_DWORD 0x0
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x1
ValidateAdminCodeSignatures REG_DWORD 0x0
undockwithoutlogon REG_DWORD 0x1
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
EnableLUA REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI


----------



## managed (May 24, 2003)

You can still try the link in post #8 - you don't have to re-install 10 to do it just boot to the Usb stick.

@jenae I linked straight to Option 4, I never mentioned option 1, only you have.


----------



## jenae (Mar 17, 2013)

Hi, windows UAC is disabled in the registry, press the win + x key command prompt(admin) copy paste:-

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWord /d 0x1 /f 

Press enter, restart computer (not shutdown, restart) Open a cmd prompt (as admin) run the net user admin cmd .


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, windows UAC is disabled in the registry, press the win + x key command prompt(admin) copy paste:-
> 
> reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWord /d 0x1 /f
> 
> Press enter, restart computer (not shutdown, restart) Open a cmd prompt (as admin) run the net user admin cmd .


Tried, but gives access denied (elevated CMD prompt not truly working w Administrator rights???). Will try from SHIFT-RESTART troubleshooting command prompt by putting in batch file so as not to have to type it...


----------



## jenae (Mar 17, 2013)

Hi, you can do this manually, press win + r keys together in the run box type regedit, navigate to:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

In the right payne locate the entry EnableLUA right click and select "Modify" in the value data box change the 0 to 1. OK and out.


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, you can do this manually, press win + r keys together in the run box type regedit, navigate to:-
> 
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
> 
> In the right payne locate the entry EnableLUA right click and select "Modify" in the value data box change the 0 to 1. OK and out.


Still trapped in non-Administrator hell: won't let me save the Regedit to manually poke a "1" into the EnableLUA... (yes, was in elevated CMD to launch Regedit...)

Also failed when I did SHIFT-RESTART to get to troubleshooting elevated CMD and ran a batch file with the REG ADD line you provided...

Looks like I'll try Allan's Option #4 with my USB ISO...


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, you can do this manually, press win + r keys together in the run box type regedit, navigate to:-
> 
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
> 
> In the right payne locate the entry EnableLUA right click and select "Modify" in the value data box change the 0 to 1. OK and out.


Interesting, possibly. Used SHIFT-RESTART to get to troubleshooting elevated CMD, launched Regedit and was able to manually poke EnableLUA to be a "1". Exited Regedit and re-launched while still in Troubleshooting CMD it and, yes, the "1" was still there. However, re-launching Win to normal boot GUI and again using elevated CMD to launch Regedit, the value for EnableLUA was back to "0".

Are changes to Win Registry somehow made to a copy and then validated against the Rights to make them permanent and only THEN written to the actual Registry? Or could it have somehow been changed back on normal follow up boot? (there's that word again... virus).

Also, found EnableLUA via Search in Registry, but noticed more than one exists - no need to have them all same???


----------



## brianmi40 (Jan 29, 2017)

managed said:


> You can still try the link in post #8 - you don't have to re-install 10 to do it just boot to the Usb stick.
> 
> @jenae I linked straight to Option 4, I never mentioned option 1, only you have.


*Allan and Jenae, ONE MILLION THANKS! You guys nailed it for me.*

ALLAN: Yes, Win 10 refused ALL attempts to enable Hidden Administrator until I used an install CD and loaded the Hive as directed.

JENAE: After the Hive fix, I was able to edit the ENABLELUA key and get User Access Control working.

All is perfect now. I've raised MY user account to Administrator rights, and then was able to switch back to it, and then was able to disable Hidden Administrator, cold boot to test it all and everything perfect: UAC is back, Family & Friends is back...

You guys are AWESOME. If you ever get stranded in Saint Petersburg, FL email me for help or a cold beer!

Thanks again, Dragon Naturally Speaking is installing as I type this.


----------



## brianmi40 (Jan 29, 2017)

jenae said:


> Hi, you can do this manually, press win + r keys together in the run box type regedit, navigate to:-
> 
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
> 
> In the right payne locate the entry EnableLUA right click and select "Modify" in the value data box change the 0 to 1. OK and out.


*Allan and Jenae, ONE MILLION THANKS! You guys nailed it for me.*

ALLAN: Yes, Win 10 refused ALL attempts to enable Hidden Administrator until I used an install CD and loaded the Hive as directed.

JENAE: After the Hive fix, I was able to edit the ENABLELUA key and get User Access Control working.

All is perfect now. I've raised MY user account to Administrator rights, and then was able to switch back to it, and then was able to disable Hidden Administrator, cold boot to test it all and everything perfect: UAC is back, Family & Friends is back...

You guys are AWESOME. If you ever get stranded in Saint Petersburg, FL email me for help or a cold beer!

Thanks again, Dragon Naturally Speaking is installing as I type this.


----------

