If you encounter difficulties with a local administrator account’s inability to sign in to move a computer back onto the domain within your enterprise like I have recently, this guide will assist you in resolving the issue by disabling the built-in Administrator account and adding an existing local user from a default image to the local administrator group.
Note: PowerShell Scripts are blocked for execution by Group Policy Object (GPO) in our environment. Hence, we’ll be utilizing PDQ Inventory and its remote command tool for this solution.
First, open up PDQ Inventory > open up the Tools tab > open Run Command.

You will be brought to a screen that looks like the screenshot below. Copy the following code and paste it as shown below:
net user administrator /active:NO
This command disables the built-in Local Administrator account. Select the desired computers to execute the command against and click “Execute”.

Repeat the process, but this time use the following command:
net localgroup administrators (user) /add
Replace (user)
with the name of the local user you want to add to the administrators group. Again, select the target computers and execute the command.

After the commands complete on the selected computers, verify that the built-in local administrator account is disabled and the new local user has been added to the administrators group.


By following these steps, you will have successfully disabled the built-in local administrator account and added a new local user to the administrators group, resolving the issues faced.
Leave A Comment