2

Given a Windows 10 Sandbox instance, I want to run an Application as the local Administrator.

In a powershell console within a Sandbox instance, I tried using runas.exe:

PS > runas.exe /user:Administrator C:\Windows\System32\whoami.exe
Enter the password for Administrator:
Attempting to start whoami.exe as user "9880B335-37DC-4\Administrator" ...
RUNAS ERROR: Unable to run - C:\Windows\System32\whoami.exe
1326: The user name or password is incorrect.

What is the password for Administrator in a Windows Sandbox instance?

JamesThomasMoon
  • 752
  • 1
  • 6
  • 18
  • 3
    On my machine, the Sandbox admin password if needed would be the same as the host machine account admin password. I do not recall actually needing it except for normal apps needing to OK UAC. – John Oct 19 '21 at 22:41
  • 1
    Have you tried the existing local admin account pwd? MS using a default local admin password makes very little sense at all. Using a password you were prompted to create, or more likely, the existing local admin pwd, is more likely. – music2myear Oct 20 '21 at 03:24
  • "What is the password for Administrator in a Windows Sandbox instance?" - Whatever the password to the Administrator account on your machine. Since it's your machine we can't provide an answer to this question. The Administrator account by default is disabled. You might try changing the password using a different user account. – Ramhound Oct 20 '21 at 12:55
  • Thanks everyone for the suggestions. The password is blank! See the Answer below. – JamesThomasMoon Dec 29 '22 at 03:03

1 Answers1

1

tl;dr the Windows Sandbox Administrator must be enabled and blank passwords allowed. The password is blank.

Enable Administrator

By default, the Windows Sandbox Administrator account is disabled.

PS > Get-LocalUser -Name "Administrator"

Name          Enabled Description
----          ------- -----------
Administrator False   Built-in account for administering the computer/domain

To enable the Administrator account

net user "Administrator" /active:yes

Allow blank passwords

Then set policy Accounts: Limit local account use of blank passwords to console logon only to Disabled.

  1. Start gpedit.msc
  2. Browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  3. Open Accounts: Limit local account use of blank passwords to console logon only
  4. Select Disabled
  5. click Apply and OK

enter image description here

runas Administrator using blank password

To test, start an elevated cmd.exe command using runas.exe. Use a blank password (just press Enter)

PS > runas.exe /user:Administrator C:\Windows\System32\cmd.exe
Enter the password for Administrator:
Attempting to start C:\Windows\System32\cmd.exe as user "3C3F3100-C191-4\Administrator" ...

In the new cmd.exe window, check the user

C:\Windows\system32>whoami.exe
3c3f3100-c191-4\administrator
JamesThomasMoon
  • 752
  • 1
  • 6
  • 18