Vista's UAC Can Cause Problems When Writing and Running Scripts

I developed RecycleBinInfo.vbs using Windows XP SP2 to test domain use and Windows Vista Home Premium to test local use. When I logged on to XP with a Domain Admins–level account, the script had no problems accessing the Recycler folders on Windows Server 2003 and Windows 2000 Server. However, when testing the script locally on Vista, I ran into a problem because of Vista's User Account Control (UAC). I discovered that even though I was logged on with an Administrator-equivalent account, the script was allowed access to only my Recycle Bin and no others on my Vista computer. Equally bothersome was UAC's annoying confirmation pop-ups asking for permission to continue.

Although I understand the need for heightened security, UAC makes developing and testing scripts more time-consuming and frustrating. Rather than disabling UAC (which isn't recommended), I figured out a workaround: Log on using Vista's built-in Administrator account.

By default, Vista doesn't offer you the choice of logging on under its built-in Administrator account. In fact, the Administrator account is disabled by default. Fortunately, enabling this account is fairly simple. Before I tell you how, though, please realize that you do so at your own risk and that you need to take every precaution to ensure the safety of your system and network. Exercise the same precautions you'd take when using XP while logged on with a Domain Admins–level account. Those precautions include

  • Using the Administrator account only when you absolutely need it. I use it only when I’m developing and testing a script that requires Administrator privileges.
  • Working only on the scripting task at hand. When you're logged on under the Administrator account, you shouldn't be surfing the Internet or performing some other task that could put your system or network at risk.
  • Logging off when you’re done working on the script, then logging back on with your regular account.

To enable the Administrator account, follow these steps:

  1. On the Start menu, click All Programs, then Accessories. Right-click Command Prompt, and choose the Run as administrator option. In the User Account Control dialog box that appears, click Continue. The Command Prompt window is now in administrator mode.
  2. In the Command Prompt window, run the command
    Net User Administrator /active:yes 
    to enable the Administrator account.
  3. To set the password for the Administrator account, run the command
    Net User Administrator pa$$w0rd 

    where pa$$w0rd is the strong password you want to use. Commit the password to memory; you'll need it if you want to log on as Administrator again.

  4. Close the Command Prompt window, and log off. You should now see Administrator as an available logon account. If you don't, restart your computer.

Now when you need to develop and test a script that requires Administrator privileges, you can log on with the Administrator account just created. When logged on under that account, you'll no longer get the annoying UAC confirmation pop-ups. More important, your script will be able to work with any folder or file on your Vista computer, so your script can access all the Recycle Bins for instance.

After you're done testing the script, you can write a .cmd file that uses Windows Script Host's (WSH's) wscript.exe to execute it. When it's time to run the finished script, you just need to right-click the .cmd file and select Run as administrator.

You can deactivate the Administrator account at any time. To do so, open a command prompt in administrator mode and run the command

Net User administrator /active:no 

Afterward, you'll no longer see Administrator as an available logon account.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.