It strikes me as another case where they’ve seen something good, tried to copy it, but missed the point: How this should work is that the Adminstrator account is enabled, but that you can’t log in as this account, no matter what. The graphical “Run as Adminstrator” and the command-line “runas” can then function identically (as would make sense), both sensibly using the now-available Administrator account. Indeed, this is exactly how the root account on MacOS works, with access if needed with “sudo”.

The problem with “Run as Administrator” when applied to a command prompt is that it’s not very fine-grained: Firstly, if I want to run one command with root privileges securely then I have to start a new command prompt for it, losing the environment of the one I’ve been working in. Once this new command prompt with elevated privileges is opened, everything run from it has elevated privileges. And finally, I can’t decide half way through a session that I need to do something as Administrator – it’s all or nothing.

Proof, if ever t’were needed, that Windows is really not designed for any amount of none-graphical use… and it appears that it has recieved little testing as such.

So, you never need touch the administrator account – you simply escalate your privileges when required using ‘run as administrator’.

If I use the “runas” command under a cmd window, it fails because the Administrator account is disabled, but if I right click on the search-box (or the resulting found icon?) in the start menu (obvious, mais-non?) then I can happily run the entire shell as the (disabled) Administrator user?!

Does that seem sorta crazy to anyone else? It makes my brain hurt.

‘sudo‘s had this down to a tee for years – why does Windows make everything so damned difficult?

Easy! Start > type ‘cmd’ into the search box. Then, right-click – ‘run as administrator’.

Done!