Potential 1809 Admin Lockout Discovered
Here’s an interesting and new possible gotcha for Windows 10 1809, courtesy of Martin Brinkmann at Ghacks.net. It’s not inevitable, merely possible. The gotcha depends on two conditions to manifest. Condition 1: the built-in Administrator account is enabled (it’s disabled by default in Windows 10). Condition 2 is it’s the only account with admin level access a PC upgrading from 1803 to 1809. Should both conditions hold true, users of affected PCs would be devoid of admin-level access on those machines. That’s why I assert that a potential 1809 admin lockout discovered could pose problems for some PCs.
For those who read Japanese, the original report from the Network & AD Support team in that language may make sense.
[Click image for full-sized view.]
Avoiding the Potential 1809 Admin Lockout Discovered
The easiest way to steer clear of this gotcha is to make sure to disable the built-in Admin account on 1803 PCs before upgrading them to 1809. Of course the PC needs at least one other account with Administrator privileges. This prevents the problem from occurring altogether. According to Brinkmann’s article: “MS reveals that it is working on a solution for the issue.” In the meantime, they recommend avoiding upgrades on PCs where the built-in admin account is the only elevated account defined or available.
Here’s a quick way to check. Run Manage Accounts in Control Panel, then click “Manage another account.” You’ll see a list of accounts and their privilege levels appear in response. You want to see at least one account that’s not named “Administrator” with Administrator privileges to avoid the possibility of an admin lockout on a PC upgraded from 1803 to 1809. Then, it’s safe to proceed. Safer still, you could temporarily disable the built-in Admin account before upgrading, then re-enable it afterward.
For various reasons, my production PC has two Administrator level accounts enabled: my usual login, and an “extra.”