The Secret Windows "Super Admin" Account
Vložit
- čas přidán 22. 05. 2024
- Do you even KNOW what it's capable of?
⇒ Become a channel member for exclusive features! Check it out here: czcams.com/users/ThioJoejoin
▼ Time Stamps: ▼
0:00 - Intro
0:50 - Where to Find It
2:52 - What's it For?
3:33 - What Can it Do?
6:01 - Why NOT To Enable It
8:26 - Ways to Enable It
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Merch ⇨ teespring.com/stores/thiojoe
⇨ / thiojoe
⇨ / thiojoe
⇨ / thiojoetv
My Gear & Equipment ⇨ kit.co/ThioJoe
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ - Věda a technologie
NOTE: Turns out lusrmgr.msc might only show up if you're running Windows Pro or higher, not home. You can still enable the account via the command prompt method later in the video.
Hi
What is ThioTangent™
Cool Thanks Joe That was actually my question
It's worthless, it asks to enter password to log in
I use pro
*Plot Twist: ThioJoe is the Super Admin*
LOL XD
true:)
lol
*ThioJoe Ban Hammer Sounds intensifies*
lol
As you mentioned, the SYSTEM account has the highest privileges within Windows. Anything that runs under this account is basically treated as part of the OS itself. A fun fact though is that if you use the task scheduler, you can actually make anything run using the SYSTEM account by ticking 'run with highest privileges'. This bypasses UAC even if it's enabled so it can be useful if you want to give a program admin permissions on login for example (of course only if you 100% trust it and know what you're doing)
Correction: system is the second highest. TrustedInstaller has the highest privileges
That works on windows NT, 2000 and XP, but i could not make this trick works in more recent Windows versions. That's was a very unsefull trick when I needed to remove viruses by hand from infected systems.
If you have a way to make it work on actual version of windows, i'll take it.
@@oyerkproto I understood that no user or privilege has full OS access on recent windows versions. But I may have misunderstood something.
Speaking of system, I am trying to log into that user.
@@thepianozoopmasterMAN you can't. It's not a user, it is a privilege.
I don't know how, but whenever am stuck with something on my PC, Thio uploads the exact same video as the solution the next day😂
You may have psychic powers.
Please don't hurt me
You're a wizard,Dhamu
bro.. my name is harsh aswell... but not dhamu my name is harshvardhan nair
Curious when you'll talk about the OOBE of win 10 and its "secret" keyboard shortcuts. (Ctrl-shift-F3 for pre-oobe admin environment, shift-F10 for console, windows 5 times for Autopilot deployments, ...)
I use them daily to set up Laptops at work, but it was amazing to learn about them initially as they are so incredibly rarely used by anyone aside Enterprise IT Admins.
That's not known in our company... Can someone tell me more about it?
I remember watching him so long ago that he used to be like do this if you want your Xbox to turn into a ps4 and the fact some people fell for it made me laugh
I haven't watched Thio since I was 7 (I'm 13 now)
first video I seen was Turn your ps3 to ps4 🤣🤣🤣
lol true
i didnt fall for it but my friend did
What do you mean “fall for it,” all of them work.
Clickbait king
Older Windows versions in the NT family also had other ways to get in and / or escalate privileges, including methods that involved renaming the logon screensaver or even scheduling a task to run an elevated Task Manager (before Win7 made it easier to do so.) Fortunately it was rare that such methods were needed, but handy in emergencies.
Maybe the reason your default admin was not enabled in safe mode is because you had a regular admin account enabled. The default admin is only enabled in safe mode if:
1. There is no other admin or privileged account you can log on (all regular admin users being disabled,...), and
2. The computer is NOT part of a domain.
its fine to always use administrator acc if you're like, sentient and know how to not download malware
First to this commet
true
But the built-in account won't let you do a lot of things. Using a regular user account with admin privileges (and disabling UAC) will give you a lot more freedom.
At least when I last tried it years ago, a lot of programs and actions refused to run under this account, saying "dude, this account is for maintenance and, well, _administration._ If you want to just use stuff, be a _user"_ (might not be verbatim)
I don't remember which things exactly, but I think MS Office, specifically Outlook, was among them.
I'm gaming
100%
Your content is always amazing. Thank-you.
I like your background colors so much! And the video quality got so much better
Best practice is to create a new account to be the administrator, so it has a different SID than the built-in Administrator account, and put a strong password on it. Then use a regular User account for your day-to-day use. Then when the UAC comes up it will ask for the password for the admin account rather than just asking "hey ya wanna?".
That would be good for the malware that doesn’t need admins permission.
Do this if your kids using pc
you can also just change the default account you create to non admin. OFC you have these idiots who use microsoft accounts that have auto admin privaleges :C
but if the user isn't admin, the user rather types the password into a fake UAC. with the admin account, most people would think before they type when they just normally click
I use Administrator account and set to ask for password when UAC comes up.
@@rohansampat1995 Microsoft accounts can be set to be standard account; they are not required top be admin.
The account must be another account other than the out of the box first account though, as the PC needs to have at least one active admin account.
If a user has logged as Microsoft account on first setup, they can create another account, or activate this administrator account, go to the other admin account and then set their main Microsoft account as standard account.
5:05 There is a Microsoft-provided tool that _can_ open an interactive Powershell or a command prompt (etc.) as SYSTEM… but for 99.99% of admin tasks it's like using a snowplow to scramble eggs.
I remember accessing this account on old school computers to install the software I wanted. I accessed it by booting in safemode and there was no password. Back then (around 2005-2010) it always seemed like it was enabled and without a password as default... at least on pre-built machines
Appreciate the knowledge shared on this topic ThioJoe! Quite useful 👍
You already talked about it i think, already knew, Nice video man
For anyone who wants to enable this on windows 10 HOME, open cmd and type net user administrator (Enter a password here) then type net user administrator /active:yes. That will enable the cccount on any HOME version of windows that does not have the group policy editor.
You mean the Local User Management MMC console ;)... (GPO editor is something else)
...by the way he said that in the video
U always make vids I like thanks for the great content
THANK YOU! This randomly popped into my feed and was the answer to the question i had for MONTHS
I am a software developer and need to run a lot of batch files, compile applications that modify the registry, and stuff like that on a daily basis. I found that in order to keep my sanity and to be able to do my job efficiently I run Windows using the 'Administrator' account all the time. To run as a regular admin user, I would need to change the permission on the whole C:\ drive and run the command prompt with elevated privileges all the time. I don't use any web browser or email applications on my dev machine and try to minimize the risk of download malware. Thanks for your video and clear explanations.
Thio still seems young so this use case might have escaped him. When you've migrated files from computer to computer... one day you might be looking for a file you created back in the 90's and have no access. The user accounts and from years ago might not be what you use today. Thus, that "Secret" Admin account (which wasn't a secret to me) turned out to be very useful in manually setting permissions of old files so that users of the current computer could access them. The regular admin account hadn't such power.
Omg, that hadn't occured to me as I was just slammed by something pre existing that has root on every hard drive now as I was migrating old drives to a central hub. Took over day 1 New 16char wifi 6 network access (from 4, where it followed from) & sideloaded the droid.+ Factory reset on that Win account. Whatever it was used this, and even air gapped it managed to make my old memories now a time bomb or future storage, from W7-11, Android 11 + 13, (changed to some Chinese bullshit.) Never in my life had tech go this sideways. Oh, found an Access Point through Verizon, that's cute. Fml.
Linux makes this super easy with chmod and chown
On Windows 7 there was actually a way to use the "SYSTEM" account (most equivalent to Root on Linux actually) with the Windows Explorer and everything.
What you had to do was replace the executable for the Windows Accessibility Stuff with "cmd.exe". Then on the login screen when you clicked on the accessibility button a Command prompt would open. From there you'd have to kill the login screen process (probably the trickiest part) and then run explorer.exe from said command prompt.
You're now using the System user with UI and all
_Technically_ it's still possible on Windows 8 and newer, but the explorer will not run if you're not logged into a regular user account (or the here discussed Admin account)
The filesystem can be navigated via an Open File dialogue of notepad.exe.
@@RokeJulianLockhart.s13ouq ofc, but it's not a full user experience with taskbar, start menu and all (which is what I was explaining in my original comment)
Windows has a system integrity system that will replace the changed original exe.
@@Chickenbreadlp Indeed. Why engineers in later versions of Windows didn't evaluate explorer.exe with higher levels of privilege than merely administrative is very, very weird. The predecessors bothered to. (After all, file pickers for standard Win32 WinForms software is provided by an API that is independent to explorer, as this demonstrates.)
As Enderman usually demonstrates, sethc.exe usually isn't checked as part of System Integrity Protection@@RKingis
Back to back awesome videos by ThioJoe
Thanks for the video, Joe!
I use the Administrator when I need to copy the files off an old drive user folder as you can copy the files without waiting for it to change the permissions which can take ages. Open an administrator command line and type "net user administrator /active:yes" to disable it again with "net user administrator /active:no"
or use the installer to change utilman.exe to a cmd and then use an even powerful cmd on the login screen to do it
@@DarkBraveStuff usually this would be on Joe Public's computer so giving them access to a more powerful cmd is not a good idea.
This is both correct and incorrect - the build in Administrator account is part of the local Administrators group. Default NTFS permissions on all drives include Administrators group with full control. If you have an account which you promoted to local administrator by adding it to the local Administrators group, you would not need to do this.
Also, if you are able to do "net user administrator /active:yes", then you are already an administrator and this is unnecessary :).
@@ivanpanchev5894 If you add a drive from an old installation of windows you can access the user files from the main account but it will spend an age on the permissions before you can access it. From the hidden administrator, it justs opens the user folder for you to do with as you wish.
Hi Brian. If you open elevated CMD (or Powershell) with account which is part of the Administrators group - you can browse profile folders without any permissions modification. However, opening it trough Explorer will result in 'you need read permissions' in the security tab (also if you try opening it trough explorer it will start granting explicit permissions to your account). I suspect this is because explorer is not ran in the Administrator context - else non admin users won't be able to use it :D. Could you please try it?
Hi, Thio! Respect!
Best tech videos . Always ready to watch
This has baffled me for a while. Thanks for reviewing this.
Yeah about this. Once I forgot the password to my user account and I has no other accounts setup as a backup. So I enabled this admin account from the recovery (by selecting cmd) . I changed the password for my user account and then created another account to be used as a backup
@@SeventhEntropy oh boy. If that's the case then you just learned a new method
@@r.g7261 I just use Kali Linux, there was a program chntpw(not sure of the name) by using that u can change or remove the password
Very interesting video!
If I may add some precision to the use of the Default account, I've had the opportunity to set up a deployment server for a company once, and the Default account came in quite handy.
First should I say that MDT (Microsoft Deployment Toolkit for making install sequences and other stuff) is using the "super-admin" account, and you can definitely see it using that account when it has to auto-log into it multiple times, doing reboots and all that kind of stuff, so it definitely has a huge utility there.
Back to my Default account. Since we were sending around 2 to 3 sometimes up to 5 computers per day on busy days, deploying those computers fast and as automatically as possible is crucial. Though every time we had finished deploying a computer, we had to send it to the user over France, then once the user received it, he had to log in, and call us so we could finish the setup for him. That included setting up shortcuts, bookmarks in chrome, iniatializing the VPN and other stuff. That was quite the time consuming task. So when I prepared that WDS/MDT server (it's the deployment server), we made use of the Default account as a template. Turns out every time you log into a computer with a new user, Windows uses that Default account as template to create your account folder and everything. Knowing this, we could setup the common parameters and for example throw the chrome bookmarks and desktop shortcuts inside that Default folder to their respective place, and it was working like a charm! Windows was loading the modified Default account and when we logged with a new user, everything we could setup with the Default account was there and operating!
At least this is the use we made it out of. I'm sure there is some other uses to it!
Apologise for the grammar mistakes if I made any!
Just remembered this account existed. I used to follow this account like 8 years ago and it’s crazy the content hasn’t changed at all
YET ONE MORE TIME JOE UPLOADS LIFE JUICE.
In Windows XP, the account was active and enabled by default, at least prior to SP2. It just wasn't visible on the Welcome Screen. To log in to it, you'd have to press CTRL+ALT+DEL twice when at the Welcome Screen. You'd then be presented with a classic (i.e. Windows 2000 style) login box, and you could just type administrator as the user name and no password (again: default) to log in. I believe Microsoft may have changed the default status of the administrator account in Windows XP Service Pack 2, but, as I said, at least prior to that it was always enabled.
Yes. That account being perma enabled also helped with the spread of certain viruses, thats why it's locked and restricted to local login now.
Thio: Is that Express V-neck tee? Love it! ☺
I do actually use this account as my main account. I've done so for years on both windows 7 and 10. I do understand why you recommend not using it but for an advanced user, such as myself, I know not to go to certain sites, open certain e-mails, download certain things, etc. I also have a 3rd party firewall as well as a firewall in my router, an anti-virus software running 24/7, a malware detection program that can also detect rootkits and I also disable remote desktop and remote registry. I know this isn't going to guarantee I'll never have a problem but I feel comfortable with it. My brother writes some pretty sophisticated security programs for his personal use so I have the benefit of having access to those as well.
Thank you ThioJoe, very cool!
9:38 If you use the windows installation media (Thio mentioned that last video), then you do not need to type in any password.
Correct. Drive encryiption is the only solution to protect the installation here.
My windows just corrupted where i just lost all my admin rights last night
then out comes your video
which helped me to get the super admin account through safe mode
where i can do a repair upgrade instead of a clean install
and all my files can stay intact
Perfect explanation much useful.👍
i had forgotten about that, i remember having to enable it in Vista for some reason.
Oh I have gained access to it by accident. I formated my PC and for some reason it redirected me to the Administrator account instead of my normal user account.
Well I'm definitely not gonna enable that (I might do it on my script tester virtual machine)
lololololololoololol
@@tzarg laugh out loud out loud out loud *at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch at lunch*
GioFilms r/ihadastroke reference
@@cycrothelargeplanet LOL XD
Onced use this administrator account when I accidentally changed the rights of my own account to 'docker-user only'. Couldn't do anything anymore, this saved me
I’ve seen business PCs in 2020 with Windows XP (could not be a big deal if it was not expose to threats like internet) using the Administrator account as the main account as an everyday consult PC, and we talk about a shop with personal with no particular formation in avoiding malware, at least the putted a password to admin although it was four characters long
My computer doesn't have an account called "administrator".....however, since I have pro edition I have modified the name in there to "thy lord and master"......that said, I also have the system account and the psutils to access it. In cmd it reads whoami as ntauthority/system
Edit
@5:10
Yes the heck you can
Using psutils you can run am instance of cmd as system, close explorer.exe then reopen from cmd and you ARE logged in as system at that point
I thought it would be the NT Authority/System account, since that is abused often during privilege escalation
Same
Same here too
It indeed is the "SYSTEM" builtin account that is equivalent to the linux "root" account.
@@hbm293 wrong. NT Authority/System cant delete certain files (example hal.dll). The account that actually has all privileges is TrustedInstaller.
@@kenziewebm That's correct, in Windows Vista+.
A really cool video, thank you, do post these videos, I remember one of your videos where you showed how to open the hidden cores in the cpu, it would great if you could repost it, thanks.
You can run programs with the System account and kinda log in to it, though it surely is not to be recommended. :D
With certain modifications you can launch a system cmd in the windows login, launch the explorer process with it, and suddenly youre kinda logged in with system account.
The SID 500 account .\Administrator does in fact have rights over regular local admins and domain admins. For example, if you deactivate UAC regulary for another .\Administrators member, a hidden uac feature still is active that prevents certain actions from remote execution. This restriction can only be globally disabled via registry hack, but the .\Administrator is never affected.
In rare cases it can make sense to temporarily enable 500 in server environments for this.
The main reason you don't use the 500 is that it can be bruteforced endlessly, because it can't be locked out.
That 500 Admin account CAN be locked out/banned, if you enforce a lock on "X failed password attempts" using GPO. I noticed that, when I opened a telnet port on my server towards the internet and that account was banned in less then 10 seconds.
@@Sypaka Interesting, did not know you can force it via GPO, might actually be useful for me in one case.
The Telnet ban gave me a good laugh :D
@@Purple.Tentacle It gets even wierder, if I tell you, that account wasn't even enabled. They managed to ban an inactive account over telnet. Had to geoblock countries after that - and then switched to Arch Linux last year.
Fun fact: He was an admin.
there is another way... at the first setup screen on a fresh windows install (OOBE), hit CTRL+shift+F3. the pc reboots and logs in as "administrator" in "sysprep audit mode". dont close the sysprep popup, uninstall bloatware etc, then OK the sysprep popup. handy shortcut. its mainly used for cloning PCs, preinstall apps.
I fucked up my windows installation yesterday, but I thankfully had the four USB sticks you told me to make. I only used the windows one but thanks anyway!
On my main PC I've been running as full admin since before Vista came out. I was a beta tester for Vista. Not a single issue has arisen in all these years.
I've never been in a car accident but I'm not about to stop wearing my seatbelt.
Just because you've been lucky so far doesn't make it a smart idea.
I love when ThioJoe tries so hard to be relevant in the thumbnail. ☻😂
What’s that white smile face emoji?
@@weeezer212 ☻
the XP also had prompt to give this Admin account password when installing windows, but only on Pro, Home installs were left without the password. so only thing you needed to get into XP machine with Home was to boot into safe mode and use unprotected Administrator to create your new admin account. Woked on like 99% cases, very few ppl using home even heard of it, much less bothered to add password for it.
That thumbnail is so funny! 😂
This isn't a super administrator or root account, this is just the default built in Administrator account. The root account in Windows is SYSTEM.
Using the sethc exploit on the login screen allows you to use the whole pc as system excluding some features like explorer. A lot of functions break under system
@FuchsPlayZ the sethc exploit is like the one key to the whole system
@@oyerkproto ah yes this is the real sneaky sneaky one
@@oyerkproto using psutils from Microsoft you can use system as the entire system including an instance of explorer running under the system account, also full access to regedit, including all the hidden stuff
I'll try to find and run it using VMware when I get the chance, thanks for telling me!
i lost count how many times you've warned not to enable the super admin account... I'm scared and curious at the same time
I learn more from this guy than my computer teacher like seriously
Thanks for information
Nothing secret about the "RID500" account, it's the only true local admin account on a Windows machine. All other members of the administrators are under the "Admin Approval Mode" it's like root vs super user.
Lol came to say exact same thing
Oh yeah, I remember this account, it was the account that my dumb younger self actually activated, renamed and used as main account each time I reinstalled Windows.
Just a tip, this user account is enabled by default in all windows versions up to until windows 7 if I recall correctly, and can be easily accessed booting in safe mode, the account is just there, unprotected and you can for example log in and use NET USER commands to destroy the main accounts passwords and voilá, reboot and access all the accounts you want. This was a huge phisical security risk untill then. Since windows 8, you can no longer access the account by default through safe mode
With some tricks you can log into System and even run explorer.exe. It just isn't useful most of the time because most programms say the user account is invalid but it is useful for removing Malware.
7:30 actually you can relatively easily escalate to the NTAuthority/System account which has even more permissions than the Administrator account (as in, it doesn't need to edit the ACL to modify core system files).. so yeeah.. disabling the Administrator account to prevent priv escalation isn't really useful
@@ToniMorton Doesn't matter. The restriction is only for the explorer (ie. the explorer checks if its running as SYSTEM and kills itself, if thats the case). A maleware with a priv escalation exploit can still escalate to SYSTEM without any problems.
What's your privesc method? I didn't think it was particularly easily until PrintNightmare etc came along
@@ToniMorton sure, but unlocked physical access is usually out of scope. Even if VID/PID attacks eg Razor drivers are easy to block, hardware probing (SPI/RAM) is usually doable. Silent Windows privescs are common, but I wouldn't call them trivial by any means (at least theory-wise, being a skiddie is always easy). LAPS or disabling LA are industry-standard for good reasons.
Wao love from Pakistan 💕😘😘😘
Is valid in India or not?
@@Freddy_Guy bruh obviously why wouldnt it windows isnt region locked
Thanks, man!
Using WinAeroTweaker, there is a registry edit that allows you to enable UAC on the "Super Admin" account, thus nullifying some of it's security risks if a hacker finds out a way to enable it.
There's another account that has even higher privileges than Administrator. It's called NT AUTHORITY/SYSTEM and it's hidden by default.
Linux gang 😎😎
linux on windows gang 😎😎
Windows AND Linux gang 😎😎
I Dunno What To Pick Gang 😎😎
Any Os is Os gang 😎😎
unix gang 😎😎
Where ThioJoe get these knowledge? INTERESTING!!!!!!!!!!!!
In my opinion you can make two .bat files, one to enable and another to disable admin account or one that enable/disable and keep them in your pc just in case of need but i have not found a situation to use "Admin" account, however there will be always someone that will try so i suggest that if you are going to mess with your windows better create a system image for recovery
This is not completely accurate:
- the default "Administrator" account always existed (just look at Windows NT 3, 4 and Windows 2000);
- the account with the highest level of privileges, that is equivalent to the Linux' "root" account, is the so-called built-in "SYSTEM" account on Windows.
- the "Administrator" account on Windows is slightly less privileged compared to "SYSTEM".
You didn't watch it all
Windows server pack (2003, 2008, 2012, 2016, 2019, 2022) are enable since installation which when u are installing its, you will be asked to create a account, which is administrator account,
That's more like a "hidden" admin account rather than a "super" admin account because it doesn't do more than what an actual admin account could do anyway except that there is no UAC popup. Anyways very good info. I never knew about this.
Nice! Thank you.
Last video watched from you was breaking into house for wi fi password...got recommended after long time...
It also gives privileges to routine jobs they don’t want you to stop. Like the registration numbers of programs and matches with registered name opens communication so they can shut your computer down
You can actually secure the Administrator account.
To do that you can download a program called Winaero Tweaker and it has some options to force uac on the Administrator account.
The thumbnail is amazing
I also learned that ThioJoe looks cool with his sunglasses on from the thumbnail.
Amazing video
Wait so as you said that you can enable it from cmd prompt which is also avalible in recovery mode right? Well what if I forgot my main user accounts password and want to recover it back, I can enable and use the admin account to change/delete the password of my main user account right?
You rarely use the root account in Linux/unix anyway. If you need root-type privileges, you just type sudo and put in the root password. It only works for one session/task, and if you do more admin stuff, you have to type sudo again. So if you have to do a lot of tasks that require admin, you log in as root, do the stuff, and log out and back into a regular user account.
thanks for the video sir
in some linux distros, root is disabled by default. (if you want root privilages, use sudo, if you want a root shell use sudo su) : )
Wow! Thanks!
For my previous install of Win 7 and now Win 10, in the Group Policy Editor the UAC is disabled and enable password required instead. I like the old Windows XP way. I always use a standard user account then if something needs higher permissions it pops up for the higher level credentials. A bit more work, but I will never hit Ok at the UAC prompt by mistake
Nice info thx
I think this was a decent explanation at levels people who don't know would like to understand. Great work. One more important thing is that if a bad guy can get on your computer, and you are an administrator (even not the Windows Administrator account), and the bad guy can then use those admin permissions to escalate to the NT AUTHORITY\SYSTEM account that you can't login to, and it's very trivial to accomplish this using Microsoft's own administrator tools available from Microsoft. These permissions (SYSTEM) are far above the rest, and closest to "root" on Windows. This is where Windows Rootkits can be installed, which are extremely dangerous things, and nearly undetectable within the operating system. Don't do anything as Admin if you don't NEED to do it as admin... and always require a password, and make it a good one.
If I remember correctly, administrator cannot bi locked after whatever number of unsuccessful logon attempts is defined in group policy. That is also one of the properties that other admin accounts do not have.
Good job Thio... and no booting into safe mode does not enable the admin account.
When I go to lusrmgr.msc I do not have the 2 folders (USERS and GROUPS) listed under the leftmost column as shown in your video. How come?
Looks like you have been really working out.
In fact in XP days was almost considered a backdoor, you want to enter a password protected Windows XP, enter safe mode hitting F8 during initial Windows Boot and voilá Administrator doesn’t have password and can delete the other admins passwords
Actually you just needed to double tap CAD, and would show the older style login screen.
Nice... I already Use this Feature
This super administrator mode gives me 2014 thiojoe vibes back when he used to "turn" ps3s' into ps4s ahahah
I have two account on my Win 11, that administrator account and normal account. That admin one is to make "important" changes in Settings, control panel etc.
0:40 Thank you now i know that my laptop origanly was windowsVisata and i was using it until now xD but now its windows 10 THX
I remember my friend and I managing to get into the admin account on our high school computer feeling like the biggest hackers in the world, I can't fully remember how but we managed to make one of the accessibility options in the login window open cmd
copy cmd.exe over sethc.exe, then try to enable sticky keys
Windows\system32\lusrmgr.msc gives me a screen witth only help on it... just disk cleanup and nothing about users - are there switches that need to be thrown?