Fix “Microsoft Edge can’t be opened using the Built‑in Administrator account” (The Right Way to Turn Off the Block)

Summary

The error happens because the Built-in Administrator runs without UAC, which blocks modern apps like Edge.

The fix is to enable Admin Approval Mode and UAC for the Built-in Administrator (not to disable more policies).

You can apply the fix via Local Security Policy, Group Policy, or the Registry (for Home editions).

A sign out or restart is typically required for changes to take effect.

This approach preserves security and restores Edge and other modern apps.

Why this error appears

If you sign in with the Built-in Administrator account and UAC (User Account Control) is disabled or not using “Admin Approval Mode,” Windows blocks modern/Store apps, including Microsoft Edge. That’s by design. To “turn off the policy causing the block,” the correct move is to turn on Admin Approval Mode for the Built-in Administrator and ensure UAC is enabled.

• Microsoft documents that when Admin Approval Mode isn’t enabled, the Built-in Administrator runs everything with full privileges, which breaks UWP/Store apps like Edge. Enabling Admin Approval Mode allows elevation prompts and restores app functionality Microsoft: Admin Approval Mode for the Built-in Administrator account.
• UAC settings govern the overall behavior and must be enabled for any of this to work Microsoft: UAC settings and configuration.

In short: don’t disable more security to bypass the message. Instead, enable the correct UAC policies so Edge opens under the Built-in Administrator safely.

Quick decision guide

Ideal (safer): Use a separate local or Microsoft account with administrator rights instead of the Built-in Administrator. This avoids special restrictions and is Microsoft’s best practice.

If you must use the Built-in Administrator: Enable Admin Approval Mode and UAC. That “turns off” the block by putting the Built-in Administrator into a supported mode for modern apps.

Fix 1: Local Security Policy (Windows 10/11 Pro, Enterprise, Education)

1 - Open Local Security Policy

Press Windows+R, type secpol.msc, and press Enter.

2 - Enable Admin Approval Mode for the Built-in Administrator

Go to Security Settings > Local Policies > Security Options.

Find “User Account Control: Admin Approval Mode for the Built-in Administrator account.”

Set to Enabled.

This aligns with Microsoft guidance to allow elevation prompts for the Built-in Administrator instead of running everything fully elevated Microsoft: Admin Approval Mode for the Built-in Administrator account.

3 - Ensure “Run all administrators in Admin Approval Mode” is Enabled

In the same list, set “User Account Control: Run all administrators in Admin Approval Mode” to Enabled.

Note: Changing this setting requires a restart on many builds Microsoft: UAC settings overview.

4 - (Recommended) Set prompt behavior

Set “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” to “Prompt for consent on the secure desktop” (the setting Microsoft recommends in the Admin Approval Mode article above).

5 - Apply and close

Sign out and sign back in. If Edge still fails, restart the PC.

Fix 2: Group Policy (domain or local GPO)

If your device is domain-joined or you prefer Group Policy Editor:

1 - Open the editor

Press Windows+R, type gpedit.msc, and press Enter.

2 - Configure these policies

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options:

User Account Control: Admin Approval Mode for the Built-in Administrator account = Enabled

User Account Control: Run all administrators in Admin Approval Mode = Enabled

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode = Prompt for consent on the secure desktop

3 - Update policy and reboot if needed

Run gpupdate /force in an elevated Command Prompt, then sign out/in or restart.

Notes: Domain GPOs can override local settings. If the error persists, check with your IT admin or audit Resultant Set of Policy (rsop.msc).

Fix 3: Registry method (Windows Home or when policy editors are unavailable)

Warning: Back up the registry or create a system restore point before editing.

1 - Open Registry Editor

Press Windows+R, type regedit, press Enter.

2 - Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

3 - Set these values (DWORD)

EnableLUA = 1

Must be 1 for UAC to be on. A restart is typically required after changing this.

FilterAdministratorToken = 1

Puts the Built-in Administrator into Admin Approval Mode.

(Optional) ConsentPromptBehaviorAdmin = 2

“Prompt for consent on the secure desktop,” matching Microsoft’s recommendation.

(Optional) PromptOnSecureDesktop = 1

Example export snippet for reference:

Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Values:

EnableLUA = 1

FilterAdministratorToken = 1

ConsentPromptBehaviorAdmin = 2

PromptOnSecureDesktop = 1

4 - Restart

Sign out and back in, or restart the PC to ensure the changes take effect.

These registry keys reflect the same behavior as the policies documented by Microsoft Microsoft: Admin Approval Mode for the Built-in Administrator account and Microsoft: UAC settings and configuration.

How to verify it worked

Sign in with the Built-in Administrator account again.

Launch Microsoft Edge from Start or taskbar.

If it opens normally, the policy block was effectively “turned off” by enabling Admin Approval Mode and UAC.

If Edge still won’t open:

• Confirm UAC is enabled (Control Panel > User Accounts > Change User Account Control settings; the slider should not be at “Never notify”).
• Check if domain Group Policy is overriding your local settings.
• Confirm no AppLocker/WDAC policies are blocking Microsoft Edge.
• Try creating a new administrator account and test Edge there to rule out profile issues.

Security notes and best practices

Microsoft recommends not using the Built-in Administrator for daily work. Use a standard account, elevate as needed, or use a separate admin account when required Microsoft: Admin Approval Mode guidance.

Enabling Admin Approval Mode and keeping UAC on preserves key protections while restoring Edge and modern app functionality.

Conclusion: Turn off the block by turning on the right policies

The message isn’t asking you to disable more security—it’s telling you the Built-in Administrator is running without UAC, so modern apps won’t start. The reliable fix is to enable Admin Approval Mode for the Built-in Administrator and ensure UAC is on. Apply the change via Local Security Policy, Group Policy, or the Registry, then sign out or restart. You’ll get Edge back—without trading away important protections.