Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Renaming the Administrator Account

- - - - -

  • Please log in to reply
18 replies to this topic

#1
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
OK THE FOLLOWING HAS BEEN TESTED AND WORKING!!!

HOW TO:

Renaming the god-mode Administrator account and Unattended Vista install.
You only need to do this once!
Do the following in the order shown!!!

First:
Click Start >> Run and type 'MMC' and Enter
Click File >> Add/Remove Snap-in...
In the left Window, scroll down and
double-click Security Configuration and Analysis
double-click Security Templates
Click OK
Second:
Create a new Security Template by:
Expand Security Templates
Right-click on default path (should be "%userprofile%\Documents\Security\Templates)
Click New Template...
Type "unattend.inf"
Hit Enter
Create a new database by:
Right-click Security Configuration and Analysis
Click Open Database...
Type "unattend.sdb" This directory is %userprofile%\Documents\Security\Database
Hit Enter
Type "unattend.inf" This directory is %userprofile%\Documents\Security\Templates
Hit Enter
Third:
Enter new Security changes:
Expand Security Templates >> %userprofile%\Documents\Security\Templates >> unattend >> Local Policies >> Security Options
Double-click Accounts: Administrator account status
Tic the box "Define this policy setting in the template"
Radio "Enabled"
Click OK
Double-click Accounts: Rename administrator account
Tic the box "Define this policy setting in the template"
Enter new Administrator name
Hit Enter
Make any other changes you wish:
UAC: Admin Approval Mode... = FilterAdministratorToken Should be disabled
UAC: Behavior of the elevation prompt for admin... = ConsentPromptBehaviorAdmin
UAC: Behavior of the elevation prompt for standard... = ConsentPromptBehaviorUser
UAC: Run all administrators in Admin Approval Mode = EnableLUA Should be enabled (Adversely affects Std Users!)
Close MMC
You don't have to save console settings if you don't want to, but you must save changes to template!
Remember, your new database and template should now reside in %userprofile%\Documents\Security\Database and
%userprofile%\Documents\Security\Templates respectively. Be sure to save the template changes.

Now you must edit INSTALL.WIM!
Mount INSTALL.WIM
imagex /mountrw x:\sources\INSTALL.wim 1 x:\temp "1" depends on your own image file
Copy the CONTENTS (ie; Database and Templates folders) of %userprofile%\Documents\Security folder to x:\temp\Windows\Security
Unmount and commit INSTALL.WIM
imagex /unmount /commit x:\temp
The above should be done before any unattend programs such as vLite and VistaUA.
Also, a pre-existing database file named SECEDIT.SDB exists in INSTALL.WIM. This is fine and you should not overwrite, delete or otherwise alter
this file!

HERE YOU MAY USE VLITE, VISTAUA, CUSTOMIZATIONS, ETC >>>>>>>>>>>>
WITH NO NEED FOR THE ABOVE REGISTRY TWEAKS

Add the following to setupcomplete.cmd (in \sources\$oem$\$$\setup\scripts\):

CMD /C secedit /configure /db %systemroot%\security\database\unattend.sdb /cfg %systemroot%\security\templates\unattend.inf /log %systemroot%\security\logs\unattend.log /overwrite /quiet


Add/Change the following to your PRE-EXISTING autounattend.xml !!!!PRE-EXISTING!!!!
If you already have an oobesystem pass in your autounattend, just add the items within.

<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<UserAccounts>
<AdministratorPassword>
<Value>"YOUR ADMINISTRATOR PASSWORD HERE"</Value>
</AdministratorPassword>
</UserAccounts>
<AutoLogon>
<Enabled>true</Enabled>
<LogonCount>3</LogonCount>
<Username>"YOUR RENAMED ADMINISTRATOR ACCOUNT HERE"</Username>
<Password>
<Value>"YOUR ADMINISTRATOR PASSWORD"</Value>
<PlainText>true</PlainText>
</Password>
</AutoLogon>
</component>
</settings>

NOTE: YOU DO NOT HAVE TO AUTOLOGON TO THE RENAMED GOD ACCOUNT, BUT THEN WHAT'S THE SENSE OF DOING ALL OF THIS?

If you have a better, faster and/or easier way of doing this, then I just wasted my time.
Brought to you by razormoon

Edited by razormoon, 14 December 2007 - 05:21 PM.



How to remove advertisement from MSFN

#2
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
If anyone can test if you can change the name in unattend.inf 'on the fly' (ie; if you can parse and edit name without going through the whole spiel) that would be greatly appreciated

#3
MAVERICKS CHOICE

MAVERICKS CHOICE

    The Guy from Aus

  • Members
  • PipPipPipPipPipPipPip
  • 1,754 posts
  • OS:Windows 7 x64
  • Country: Country Flag
Just seems like a lot of c...ing around to me... hey but whatever does it for ya.

#4
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts

Just seems like a lot of c...ing around to me... hey but whatever does it for ya.


Sure, it takes a lot, but once it's done to a fresh 'vanilla' image you don't have to do it again.

#5
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
I'm thinking that instead of injecting security folders into wim, one can conceivably store them in $OEM$\$$\Security. Much faster and easier. Also conceivable is that one can run the secedit command from AuditUser pass, no?

#6
MAVERICKS CHOICE

MAVERICKS CHOICE

    The Guy from Aus

  • Members
  • PipPipPipPipPipPipPip
  • 1,754 posts
  • OS:Windows 7 x64
  • Country: Country Flag

I'm thinking that instead of injecting security folders into wim, one can conceivably store them in $OEM$\$$\Security. Much faster and easier. Also conceivable is that one can run the secedit command from AuditUser pass, no?


Sounds good here.

#7
Largo

Largo

    Newbie

  • Members
  • 10 posts

If you have a better, faster and/or easier way of doing this, then I just wasted my time.
Brought to you by razormoon


I tried several ways to do it (mainly with 3rd party tools and scripts) and arrived at the same secedit method.
During Vista deployment, the built-in administrator account is always renamed "administrator" or localized equivalent (administrateur in french), that's why one have to execute secedit after deployment.

I will try to use the SetupComplete.cmd file.

Razormoon> you should wrap your text in code tags to preserve your formatting with spaces/tabs.

Thanks for sharing your input! :thumbup
Largo.

#8
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts

I will try to use the SetupComplete.cmd file.

Razormoon> you should wrap your text in code tags to preserve your formatting with spaces/tabs.

Thanks for sharing your input! :thumbup
Largo.


Honest to goodness, I usually wrap my code. Thanks for reminding me! :)

The SetupComplete method works like a charm.

#9
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
$OEM$ folder method tested and not working.

Edited by razormoon, 25 August 2007 - 03:31 PM.


#10
MAVERICKS CHOICE

MAVERICKS CHOICE

    The Guy from Aus

  • Members
  • PipPipPipPipPipPipPip
  • 1,754 posts
  • OS:Windows 7 x64
  • Country: Country Flag
Back to the drawing board then....

#11
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
Not so bad. Injecting into install.wim works fine it just takes a little more time...

#12
c2483

c2483
  • Members
  • 1 posts
Can someone help me?
I've followed this guide a few times but always get the same problem?
On first boot up, it can't log in. So I click ok and enter the password and still cannot log in.
The name I changed admin to appears right on the log in screen.
 
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>00040408</InputLocale>
<UserLocale>en-US</UserLocale>
<UILanguage>en-US</UILanguage>
<SystemLocale>en-US</SystemLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<UserData>
<FullName>Charles Watson</FullName>
<AcceptEula>true</AcceptEula>
</UserData>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<AutoLogon>
<Password>
<Value>......</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<LogonCount>3</LogonCount>
<Username>Charles</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<TimeZone>Eastern Standard Time</TimeZone>
<UserAccounts>
<AdministratorPassword>
<Value>......</Value>
</AdministratorPassword>
</UserAccounts>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<ComputerName>charles-pc</ComputerName>
</component>
<component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:D:/System/Vista/6001.16659.070916-1443_x86fre_Client_en-us-FB1CFRE_EN_DVD/sources/install.wim#Windows Vista ULTIMATE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>


#13
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
Are you sure you have defined your security policies in \Windows\Security? Checked all the necessary options? If so, did you inject into install.wim and made a call to secedit from setupcomplete.cmd? I've heard of some users having trouble with the setupcomplete.cmd method. What you can do is move that call from the setupcomplete.cmd and put it in your autounattend.xml as such in <settings pass="specialize">:

 
        
<component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.micro...fig/2002/State" xmlns:xsi="http://www.w3.org/20...hema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>CMD /C secedit /configure /db %systemroot%\security\database\unattend.sdb /cfg %systemroot%\security\templates\unattend.inf /log %systemroot%\security\logs\unattend.log /overwrite /quiet</Path>
</RunSynchronousCommand>
</RunSynchronous>
</component>


In the meantime, I'll just edit the above to make the call from autounatted.xml as opposed to setupcomplete.cmd.


EDIT: THE ABOVE DOES NOT WORK FOR ME SO REVERTING ORIGINAL POST TO SETUPCOMPLETE.CMD

Edited by razormoon, 03 October 2007 - 04:54 PM.


#14
godinger

godinger
  • Members
  • 3 posts
You could also call renuser.exe (not a MS utility, but free) via a sync script in OOBE phase. This avoids having to modify the original image. This is how I do it and it works without issue.

#15
oidicle

oidicle

    Impressionable Two Faces

  • Members
  • Pip
  • 57 posts
Hi razormon, I've folowed your guide up to the part where I mount the Install.wim...
I can't seem to find that "x\temp" folder you referenced, I'm assuming the "x" is the the drive path or systemdrive... I've searched all my drives and there's no "temp", must I create it myself or what? I just need to drop those files I've created, the only thing that shows on the install.wim is "components" and "Packages"

please advise

nevermind, I've figured it out... but there's still one prob though, I don't have the "setupcomplete.cmd" file, is it really necessary, how do I create it?

Edited by oidicle, 07 December 2007 - 07:34 AM.


#16
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
Sorry 'bout that...

in \sources\$oem$\$$\setup\scripts\

SETUPCOMPLETE.CMD
 
@echo off

CMD /C secedit /configure /db %systemroot%\security\database\unattend.sdb /cfg %systemroot%\security\templates\unattend.inf /log %systemroot%\security\logs\unattend.log /overwrite /quiet

EXIT


Of course, you can add more commands here if you'd like.

Edited by razormoon, 08 December 2007 - 01:03 PM.


#17
oidicle

oidicle

    Impressionable Two Faces

  • Members
  • Pip
  • 57 posts
Thanks man, In fact I did add more commands to the setupcomplete.cmd, since I mounted the install.wim to the "temp" directory you specified, I ended up using the setupcomplete that was already there(windows\setup...) and modified it accordingly to install apps and add that line that you provided... it all went well... :thumbup

anyway, thanx for a great guide, I was strugling for two weeks to find a way to rename the "God Mode" :sneaky: administrator account, I thought I could do it without mounting the install.wim but I soon found out through unsuccesfull trial and error that it was seemingly impossible... but I guess it was a blessing that I had to download WAIK and do it through the install.wim because that enabled me to do my own customizations(drop new sidebar gadgets, change the default background, etc)...

CHEERS :hello:

Edited by oidicle, 09 December 2007 - 11:52 AM.


#18
razormoon

razormoon

    Little boots...!

  • Members
  • PipPip
  • 216 posts
One of the best things about WAIK? Removing stuff. Like those two icons on the quicklaunch bar (show desktop and switch desktop?)......grrr.

Glad it worked out! :D

Edited by razormoon, 14 December 2007 - 05:27 PM.


#19
jlombard

jlombard
  • Members
  • 3 posts
Hi Razormoon,

I tried this with Windows 2008 R2 and it is not working. Have you tried this on 2008 R2?

After the new os is built the template inf file is in the templates directory but the database is not. I checked with mmc/gpmc and none of the settings are there.


Any help would be much appreciated.



Thanks,
Jonn




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users



How to remove advertisement from MSFN