Accounts: Administrator account status

Information

Accounts: Administrator account status

This security setting determines whether the local Administrator account is enabled or disabled.

Notes

If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
Disabling the Administrator account can become a maintenance issue under certain circumstances.

Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled.

Default: Disabled.

Solution

Policy Path: Security Options
Policy Setting Name: Accounts: Administrator account status

See Also

https://blogs.technet.microsoft.com/secguide/2018/11/20/security-baseline-final-for-windows-10-v1809-and-windows-server-2019/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CSCv6|5.1, CSCv6|16

Plugin: Windows

Control ID: e2e98dc02fd2a623f6c4dff0b36ce0ce8a4bedc14d0d474b92bfb0ab7f948cec