Enable (or Disable) the Hidden Built-in Administrator Account in Windows

Windows includes a built-in account literally named Administrator. It’s disabled by default — Microsoft turns it off on purpose because it’s a full-power account that, left enabled and passwordless, is a security hole. But for recovery or one-off admin work, you can switch it on in seconds.

Enable it

Admin Command Prompt (right-click Start → Terminal (Admin)):

net user administrator /active:yes

Then set a password immediately — never run it open:

net user administrator *

On Pro/Enterprise you can also use Win + R → lusrmgr.msc → Users → Administrator → uncheck Account is disabled.

Sign out, and Administrator appears on the sign-in screen.

Disable it again (do this when you’re done)

net user administrator /active:no

Leaving the built-in Administrator enabled for day-to-day use is exactly what security guidance warns against — it bypasses many of the safeguards a normal admin account keeps. Use it, then turn it off.

Better alternative for normal use

Rather than running as the all-powerful built-in account, create a standard local account and elevate it to administrator only if needed. That keeps UAC and other protections in play.

FAQ

“System error 5 has occurred. Access is denied.” Your Command Prompt isn’t elevated. Close it and reopen as Administrator (right-click → Run as administrator).

I enabled it but it’s not on the login screen. Sign out (or reboot) — new accounts only appear after a sign-out. Also confirm the command returned “completed successfully.”

Is it safe to leave on? No. Enable it for the task at hand, set a strong password, and run /active:no afterward. For locked-out situations, see reset a forgotten local password.

Sources: Microsoft Learn — net user command