Manage Learn to apply best practices and optimize your operations.

How to enable Windows 8.1 settings for admin troubleshooting

Changing default Windows 8.1 settings -- such as the dialog box confirming file deletion -- is easy and potentially useful for desktop admins.

There are several cases when you might want to tweak the default behavior of Windows 8.1 settings. For example, you might not want users to launch the Windows Store and install any applications.

In a controlled environment, you can always configure Group Policy Objects (GPOs) at an Active Directory domain controller and have these settings applied to all domain-joined PCs. However, there are situations where you might not have Active Directory and you would still want to control these Windows 8.1 settings using the local tools.

Let's start with how to set up the local administrator account and enabling the file deletion confirmation dialog.

Enabling the local admin account

When you install Windows 8.1 on a PC, a local account named Administrator is created with a blank password. This account is disabled by default. The local administrator account has the highest privileges on the system. You might want to enable the local admin account for Windows 8.1 troubleshooting or some other purpose.

There are three ways to set up the local administrator account:

  1. Using the Computer Management snap-in for the Microsoft Management Console, navigate to Local Users and Groups and then click on Users node to see the list of the available users. Click the Administrator account, and uncheck the Account is disabled checkbox on the General tab.
  2. Execute the Net User Administrator Activate: yes command in the command prompt.
  3. Using Local Group Policy Editor, navigate to Local Policies > Security Options, and then double-click the Accounts: Administrator Account Status setting to bring the GPO setting window. In the GPO setting window, click on the Enabled radio button to enable the local admin account. The GPO setting can also be used at an Active Directory domain controller if you need to open the local admin account for multiple domain-joined PCs.

Any of the methods described above might fail to set up the local administrator account if it does not meet password policy requirements. The change also may not succeed depending on the following conditions:

  • If the PC is joined to an Active Directory domain, an administrator might have configured the complex password policy requirements. If that is the case, then enabling the local admin account will fail because its default password is set to blank. To overcome this, you must reset the password before you can enable it.
  • If PC is not joined to an Active Directory domain, you can easily enable the local administrator account. It is because, by default, when you install the OS, it disables the password policy requirement. Note that this GPO setting applies to both Windows 8 and Windows 8.1.

Establish the confirmation dialog for file/folder deletion

By default, Windows 8.1 does not show the confirmation dialog when deleting a file or folder. Every deleted file or folder goes to the Recycle Bin, and you have an opportunity to restore deleted files and folders to their original locations.

In some cases, you might want to enable the confirmation dialog before a deleted file or folder goes to the Recycle Bin. There are three ways to enable the confirmation dialog: using Local Group Policy Editor, using the local registry editor or configuring a setting on the property of the Recycle Bin.

To configure using the Local Group Policy Editor, begin by navigating to the User Configuration\Administrative Templates\Windows Components\File Explorer. To open the GPO setting window, double-click on Display confirmation dialog when deleting files. In that window, click the Enabled radio button to allow users to see a confirmation dialog box when deleting a file or folder.

The above GPO setting, when configured either from the Local Group Policy Editor or the Active Directory GPO, creates a registry entry called ConfirmFileDelete at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer registry location on the local computer, as shown in Figure 1.

Figure 1

A GPO setting allows admins to display a dialog box when a file is deleted.
Use Group Policy Editor to set a confirmation dialog for file or folder deletion.

Users can also change this behavior by navigating to the property page of the Recycle Bin and then checking the Display delete confirmation dialog checkbox on the General tab, as shown in the screenshot below:

Figure 2

Set deletion default notification in Recycle Bin Properties.
Here is a simple way to set a dialog box to appear during file deletion.

If the Display delete confirmation dialog option is grayed out, that means this setting is controlled by a GPO setting configured either using the Local Group Policy Editor or at an Active Directory domain controller. Note that this applies to both Windows 8 and Windows 8.1.

In my next article, we'll look at how to prevent the uninstallation of Windows 8 apps and how to disable the Windows Store.

Next Steps

Learn how to use new Group Policy settings to control the Windows 8.1 UI

Provide users a standard Windows 8.1 Start screen with Group Policy

Troubleshooting a Windows system that won't shut down

Keep users from messing with the Windows Control Panel

Connecting to networks with Windows 8 Group Policy and Active Directory

Desktop Group Policy settings can help secure local admin groups

Dig Deeper on Windows 8 and 8.1

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Have you changed any of the default Windows 8.1 settings, and why?

I would recommend using the Microsoft Security Compliance Manager (SCM) as the Baseline for All Microsoft Applications and Operating Systems.  SCM templates will have the default security settings and the recommended security settings for a more secure environment.

I am not saying to do everything Microsoft recommends because your legacy environment may not support certain parameter settings.  So, "vet" each Parameter and Setting.

When you have customized your own Template, SCM has an export feature to create GPOs.  So all you need to do is "restore" the exported GPO into AD and the settings are "nearly" done.  Like all things TEST in a TEST OU first before going into production.

I have changed a number of the default settings, mostly because I am running some legacy apps that will not run under the default settings of it.  In some cases these are tweaks that had to be done, and do not need to done for everyone.  If it is an issue that has to be done and provided to everyone else, you can export this change as a .reg file and re-import to every one else.  One of the very very critical things that you do though, is do backups of everything before you change it, so you can restore it the change does not work.  This is very important.