Use Metro Apps As Admin AND Be Able To Sync, d/l Store apps, etc???

Enigma

OK, I'd like to make it clear that I'm using the so-called "real" Administrator account that is hidden but can be activated, not a regular account with admin privileges. At first I was trying to figure out if Metro apps can be used by this account, and it appeared that they can't, but managed to find a trick to enable it. I did it by making sure UAC is on, making sure that FilterAdministratorToken is set to a value of 1 in the Registry, and by enabling "User Account Control: Admin approval mode for the built-in Administrator account" (secpol.msc [Local Security Policy] > Local Policies > Security Options).

So I did a bit more research and toying around, only to discover that although I might have found a workaround for running most Metro apps in general, I discovered that syncing, d/l'ing of apps from the Windows Store, etc. is not possible unless you're using a Microsoft account. Please note that any other account with admin privileges can use the apps without a hitch, as well as any Standard account. So it clearly is not a limitation of just having an admin account, alone.

Also, the built-in Admin is the only kind of account that can't be converted from a local account to a MS Account, all other accounts with admin privileges can do so. If you look in the Control Panel and try to make changes to the account, you will find that the option isn't available, whereas with other accounts it is. This brings about the issue of not being able to sync or d/l Store apps. Also note that there is a difference between logging into Windows with a MS Account, and simply accessing the apps while using a local account and then manually inputting your MS Account username/password when requested. By signing in with a MS Account no Metro app will ever prompt you to login after you've done so initially the first time, since it remembers your details, unless you've reset your password or account security has been compromised, etc. Judging from what I've read, my workaround enables most Metro apps to function except syncing, d/l'ing of Store apps, and perhaps a few other small things/issues, and so therefore this is not a true solution, since other accounts have none of these issues. Since the option to convert the real Admin account to a MS Account is not available, yet is available to other accounts with admin access as well as Standard accounts, then I (supposedly) cannot use these functions to the fullest extent.

I am the type of person who prefers to use Windows/Linux while logged in as root/Admin rather than a limited user, all day, every day, because I trust myself and my abilities, am very careful, meticulously maintain my systems with the utmost care and caution. I do understand that using Admin is considered to be a security risk, but it's a risk I'm willing to take and I don't mind learning from my mistakes in the event that bad things happen. I do not care to be told by Microsoft how to run my system, what I can do on them, etc. Complete and absolute control is what I demand, at least to the greatest extent possible considering that Windows is proprietary and closed-source, yet I depend on it for many things like running a business, gaming, etc.

I didn't post this to rant or spout my opinions, but to solicit feedback on how this issue(s) can be overcome or worked around without having to use a 2nd account to get the full features of Metro apps. I'm also wondering if there is possibly a way, official, unofficial, or otherwise, of being able to run a Metro app as another user account (whether local or MS Account doesn't really matter, I think), while still remaining on the Metro screen of the real Admin account without having to manually log into my 2nd account and access Metro from there. By perhaps using a "Run As" command/link/shortcut or similar. Maybe that sounded a bit long-winded and confusing, so just read carefully, maybe someone will understand what I'm asking. Also, please inform me if any of my conclusions are incorrect.

Any feedback/help is appreciated!
 

My Computer

System One

  • OS
    Windows 8.1 Pro x64, Windows Server 2012 R2 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo G700
    CPU
    Intel Core i7-3632QM, 2.20 GHz
    Motherboard
    Lenovo
    Memory
    6 GB DDR3
    Graphics Card(s)
    NVIDIA 720M, Intel HD 4000
    Monitor(s) Displays
    1 monitor
    Screen Resolution
    1600x900 (max)
    Hard Drives
    1 TB HDD (5400 RPM), 1.5 TB HDD (5400 RPM) installed in a 12.7mm disc drive caddy
    Case
    Lenovo
    Keyboard
    Lenovo
    Mouse
    Laptop/notebook keyboard/touchpad
    Internet Speed
    It varies, since I'm mobile most of the time
    Browser
    Chromium (the open-source browser which Google Chrome is derived from)
    Antivirus
    Kaspersky, Malwarebytes, Spybot, Privatefirewall
    Other Info
    I will add more information here later
Hello Stephen, and welcome to Eight Forums.

Setting that security policy below to be enabled will basically just turn the built-in elevated "Administrator" account into an unelevated administrator account that requires UAC approval to open or run anything that requires elevated rights to do so.

This would be why you are able to open the Store afterwards, but you would still need to sign into the Store with any Microsoft account to be able to install any "Metro" Store apps.

You still will not be able to switch the built-in "Administrator" to be a Microsoft account. It can only remain as a local account.

Hope this helps, :)
Shawn
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
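To see which state a machine is actually in, the following read-only check reports the two registry values behind the settings discussed above and the status of the built-in Administrator account. It is an added example, not code from anyone in this thread; the function name `Get-BuiltinAdminUacState` is hypothetical, and `EnableLUA` is the standard value behind the UAC on/off switch, which the thread does not name.

```powershell
# Added example: report how the built-in Administrator (RID 500) is governed by UAC.
# Read-only; nothing is changed on the system.

function Get-BuiltinAdminUacState {
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction Stop

    # EnableLUA is the UAC master switch. FilterAdministratorToken backs the
    # "Admin Approval Mode for the built-in Administrator account" policy;
    # when the value is absent the policy counts as disabled (0).
    $enableLua   = if ($null -ne $policy.EnableLUA) { [int]$policy.EnableLUA } else { $null }
    $filterToken = if ($null -ne $policy.FilterAdministratorToken) { [int]$policy.FilterAdministratorToken } else { 0 }

    # The built-in Administrator is the local account whose SID ends in -500,
    # whatever it has been renamed to.
    $admin = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }

    $mode = if ($null -eq $enableLua) {
        'EnableLUA not set: UAC state could not be determined from the registry'
    } elseif ($enableLua -ne 1) {
        'UAC off: every administrator runs with a full token'
    } elseif ($filterToken -eq 1) {
        'Admin Approval Mode: built-in Administrator gets a filtered token and UAC prompts'
    } else {
        'Built-in Administrator runs fully elevated with no UAC prompt'
    }

    [pscustomobject]@{
        AccountName              = if ($admin) { $admin.Name } else { $null }
        AccountEnabled           = if ($admin) { -not $admin.Disabled } else { $null }
        EnableLUA                = $enableLua
        FilterAdministratorToken = $filterToken
        Mode                     = $mode
    }
}

Get-BuiltinAdminUacState | Format-List
```

An enabled RID-500 account combined with the last mode is the configuration worth flagging in an audit, since everything that account launches then runs with full administrative rights.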
I really get a kick out of people that say "I know what I'm doing, and I don't want to be told what to do..." and then they can't figure out how to do what they want... lol. If you spent half as much time just getting used to using the system as designed, rather than trying to find workarounds to cripple the security of your computer.. you'd probably be a lot happier.

In any event, the problem here is that the Administrator account cannot be associated with a Microsoft account. This is for security and stability reasons (i.e. you could get locked out of your system in certain situations if this were the case). Microsoft isn't saying "Hey, let's mess with Enigma and make it so his administrator can't use Metro". There are technical reasons for their decisions.

Metro is tied to having a Microsoft account. The Administrator account can't be tied to such an account for security reasons.

Now the reasons why Administrator must be a local account are tied to the way that Windows creates user contexts, and how it does network based security (largely for Windows Domain Accounts) but they are using a similar system for Microsoft online accounts, which is why they have similar behavior.

Windows MUST have at least one local account that is never tied to network security. Without it, there's no way to bypass the network security.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    CPU
    Intel i7 3770K
    Motherboard
    Gigabyte Z77X-UD4 TH
    Memory
    16GB DDR3 1600
    Graphics Card(s)
    nVidia GTX 650
    Sound Card
    Onboard Audio
    Monitor(s) Displays
    Auria 27" IPS + 2x Samsung 23"
    Screen Resolution
    2560x1440 + 2x 2048x1152
    Hard Drives
    Corsair m4 256GB, 2 WD 2TB drives
    Case
    Antec SOLO II
    Keyboard
    Microsoft Natural Ergonomic Keyboard 4000
    Mouse
    Logitech MX
OK, well, thanks for the quick reply. I pretty much suspected that what you're saying is the case, well before I even bothered posting. I know exactly about the option described in my post and pictured in yours, and what it would do, I just had to see if the Metro apps would work afterwards, only to find that other stuff didn't quite work as they were supposed to. If Metro didn't retardedly insist on UAC being active I would have completely disabled it by now, Metro is one of the main reasons why I plan to buy 8 this time around instead of pirating Windows like I've traditionally done in the past.

Also, I'm wondering why I can manually sign into the Store, apps, etc, even though I can't convert my Admin account into a MS Account. Logically speaking it's the equivalent of being signed in with an actual MS Account, so why shouldn't I be able to sync and download Store apps? And besides that I think that local accounts are far better in terms of security, what would happen if hackers broke into MS servers and compromised millions of accounts, then suddenly all that data ppl have stored in the cloud are at risk. It has benefits but also risks that go along with it. It's why I prefer my local Admin account over a MS Account for accessing Metro. Surely they could build in a way for ppl to do this.

What is their rationale behind not allowing users with the Admin account to have full access to all Metro functionality? They say it's a security risk, but for that matter ANYONE accessing Metro apps with ANY admin account, built-in or not, is at risk since they have elevated privileges. I know there are a few minor differences between real Admin and account with admin privileges, but functionally speaking they're nearly identical, if not 100% the same.

I can only hope that they rethink their thinking in the future, or at least allow the Admin account to become a MS Account while still retaining the full powers that go along with that local account. Perhaps an update/patch, maybe. Slim chances on that though.....

And what about somehow running a Metro app as another user (which exists as a MS Account on my pc) w/o having to leave my Admin start screen. Like a Run As option or something. My issue is not so much having to maintain 2 accounts on my pc, but having to switch back and forth to access certain things, I much prefer to do it all from same account, same start screen, same desktop. It's just easier that way. In all my yrs of using Windows I have rarely had a compromise or major security risk, and the times it did happen was solved swiftly.

Well, if anyone can think of anything at all, then please post. Thanks!

Mystere: I fully understand that they do so for security reasons, I just like to run my pc by my standards is all. And I just so happen to think I should be able to access the full features of Metro as Admin. I, and others, should be able/allowed to make our own decisions regarding whether we're willing to take a risk in exchange for the possibility of being able to use Metro without hassles. I respect your opinions, but I don't question your intentions or how you run your pc, etc, so let's just leave it at this and agree to disagree in regards to our system maintenance philosophies. We don't know each other, and I'd say I've done a damn good job of keeping my system and info safe. You're in no position to judge. It's nothing personal.
 

You misunderstand what "security risk" means. It's not the kind of risk you think. The risk is that if your computer is not connected to the internet, then an account that is tied to a Microsoft account can get locked out. You can't log in. The purpose of the Administrator account not being able to be tied to a network account is to ensure that at least one user can always log into the system.

This is enforced for technical reasons. If they didn't do this, they would have people climbing down their throat for designing a system that can lock people out.
 
