Share via

I can not access the secret Admin account or safe mode via restart blue menu

Dooood 40 Reputation points
2025-12-08T19:52:27.89+00:00

I just got a new laptop for work and it has Windows Pro 11 preinstalled on it.

I do not have admin rights after creating my account.

I have tried checking for policy resitriction via regedit;

I have tried net user administrator /active:yes via command prompt (this does not produce hidden Admin account at login)

I have tried adding a local user after turning net user to active and then adding.

Im stuck. If you can help please !!!

Windows for business | Windows 365 Business
0 comments

Answer accepted by question author

Domic Vo 22,525 Reputation points Independent Advisor
2025-12-08T21:22:21.99+00:00

Hello,

Thanks for clarifying that you’re the Global Systems Admin in Azure. Elevating a user in Azure AD gives them directory‑level roles, but it doesn’t automatically grant local administrator rights on a Windows device. Those two layers are separate: Azure AD handles identity and role assignments, while local admin rights are controlled by device policies.

On Windows 11 Pro machines joined to Azure AD, local admin rights are usually managed through:

  • Azure AD Join settings (whether users are added as local admins at enrollment).
  • Intune / Endpoint Manager device configuration profiles or security baselines, which can explicitly restrict or allow local admin membership.
  • Group Policy (if hybrid joined), which can override local settings.

So, even though you’ve elevated the user in Azure, you’ll want to check whether there’s a policy in Intune or Group Policy that prevents local admin assignment. The most direct way is to review the Device restrictions policy in Intune and confirm whether “Local administrators” is locked down. You can also manually add the user to the local Administrators group via Intune or a provisioning package if permitted.

Domic Vo.

Was this answer helpful?

0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Domic Vo 22,525 Reputation points Independent Advisor
    2025-12-08T20:44:47.49+00:00

    **Hello **Dooood,

    I can see why you’re stuck here. It feels like you should be able to enable admin rights on a brand‑new laptop, but the reality is that work devices with Windows 11 Pro preinstalled are usually shipped with enterprise policies already in place. That means the machine is joined to your company’s domain or Azure AD, and the IT department controls who gets administrative privileges.

    That’s why the methods you tried editing the registry, activating the hidden Administrator account, or adding a local user don’t work. Those commands are blocked by Group Policy or Intune management. Even if you manage to create a local account, the system won’t let it elevate to admin because the organization has locked down that path.

    The only way to gain admin rights on this laptop is through your company’s IT administrators. They can either:

    • Grant your account local administrator privileges through their management console, or
    • Provide you with a separate admin account for tasks that require elevated rights.

    I hope this helps,

    If this guidance proves helpful, please kindly click “Accept Answer” so we know we’re heading in the right direction 😊. And of course, I’m here if you need further clarification or support.

    Domic Vo.

    Was this answer helpful?

    1 person found this answer helpful.
  2. Dooood 40 Reputation points
    2025-12-08T21:13:00.06+00:00

    I am the Global Systems Admin on Azure and I elevated the new user there as well. Is there something on Azure I need to change in terms of policies?

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.