0

Since we run Windows 7-clients in our windows-server domain I have a specific use case that has become more inconvenient:

On the client-site, being logged-on as an user with restricted rights and having the user account control (UAC) activated on the highest level, you can run an application with administrative privileges by right-clicking onto it and choosing “Run as administrator”.

After that, a popup window is shown and asks for the username and password.

As a domain member you now have to enter your full hostname with a backslash following and the user name with administrative privileges (e.g. Administrator) in order to authenticate as local administrator.
On XP-machines you simply had to type in “Administrator” for the username.

That makes administration more inconvenient if you run various Windows-7 clients in a company, because you always have to lookup the hostname for the machine on which you want to run something with administrative privileges.

Is there a registry setting or a good workaround that lets you authenticate as administrator without having to enter the hostname for the machine, but not using tools like "RunAsSPC" or "Steel RunAs"?

EEAA
  • 109,363
  • 18
  • 175
  • 245
Master of Celebration
  • 123
  • 1
  • 1
  • 6
  • This isn't really an answer to your question, but rather an alternative. In a domain, I would typically not use a local account for administration, but instead a domain account that has administrative rights over the computer. – MattB Dec 06 '10 at 17:53
  • sure, but I can not use a shared domain account (which could be in the local group of administrators), because every machine's administrator password shall be different from the other's – Master of Celebration Dec 07 '10 at 08:00
  • The way I've always seen it done is you create a domain group called "computer admins" or whatever, put all of the accounts that need to administer computers in it, then that domain group goes into the local admin group on each computer via group policy/etc. – MattB Dec 08 '10 at 15:43
  • that would be fine. but if I would do it by using domain groups, every member in that group could administrate every computer having it added to the local admin group. The sense behind "every machine's administrator password shall be different from the other's" is not to allow everybody to administrate each employees machine – Master of Celebration Dec 10 '10 at 09:38

1 Answers1

1

I put the same question on SuperUser.com and I got an answer:

When you want to authenticate to the local computer, you can use a dot instead of the hostname. This doesn't make the issue go away entirely, but at least it prevents you from having to look up hostnames since . works everywhere.

Username: .\Administrator
Password: * * * * * * *

In certain contexts, localhost will work instead. I haven't yet found a situation where either . or localhost doesn't work, but I'm sure there is one somewhere.

Stephen Jennings

Community
  • 1
Master of Celebration
  • 123
  • 1
  • 1
  • 6