"Yes" is disabled in Windows 10 elevation dialog

Question

I can't elevate to administrator on my installation of Windows 10. When I try, I get the normal message:

Do you want to allow this app to make changes to your PC?

There is a "Yes" button and a "No" button, but Yes is grayed out. This happens no matter what program I try to elevate. I can't even run an elevated command prompt or get to the Control Panel because this message just blocks me.

This all started with the question of how to let Windows and it's default permissions let me install my backed-up fonts from the previous machine.

whoami /all produces:

User Name                 SID
========================= ============================================
desktop-tq1ddhd\matdoidge <redacted>


GROUP INFORMATION
-----------------

Group Name                             Type             SID          Attributes
====================================== ================ ============ ==================================================
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\Users                          Alias            S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE               Well-known group S-1-5-4      Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                          Well-known group S-1-2-1      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization         Well-known group S-1-5-15     Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Local account             Well-known group S-1-5-113    Mandatory group, Enabled by default, Enabled group
LOCAL                                  Well-known group S-1-2-0      Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\NTLM Authentication       Well-known group S-1-5-64-10  Mandatory group, Enabled by default, Enabled group
Mandatory Label\Medium Mandatory Level Label            S-1-16-8192


PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled

There are no other admin accounts on the computer. How do I get administrative privileges back?

Answer 1

If you don't know the Administrator password or if it's disabled, you'll need to boot into a different OS to reset the password or otherwise get system-level access. I'm partial to using Universal USB Installer to produce a live Ubuntu disk and then using that to copy cmd.exe to sethc.exe. (Make a back-up of sethc.exe before you write over it!) When Windows comes back up to the login prompt, hit Shift five times, and you'll have a command prompt running as SYSTEM, from which you can do anything.

If you have a Windows recovery disk or the installation media, you do the same tricks without any of the Linux.

Once you get the admin command prompt, you can run net localgroup administrators /add matdoidge to make your normal account an admin. (To enable the Administrator account, do net user administrator /active:yes.)

Answer 2

Thank you to @BenN for his answer pointing me in the right direct.

Please note I am not accepting Ben's Answer as I found only the last part worked - or at least was understandable for me personally, so I felt it best to post what worked for me.

I fixed the issue by booting via my USB which has the installation of Windows on. I then went to 'repair' and then 'advanced' and accessed the command console.

From here I activated the admin account by entering:

net user administrator /active:yes

Then I rebooted and logged in via the admin account and ran another console and entered:

net localgroup administrators /add matdoidge

Then I disabled the admin account by running

net user administrator /active:no

And rebooted. Seems to have worked this time. I am not sure how I got to that point in the first instance, but very happy I can now use the machine properly again. Thank you to everyone, specially @BenN.