diff --git a/changes/18461-windows-lock b/changes/18461-windows-lock
new file mode 100644
index 0000000000..68dd284c2e
--- /dev/null
+++ b/changes/18461-windows-lock
@@ -0,0 +1 @@
+- Adds the ability to automatically log off and lock out `Administrator` users on Windows hosts.
\ No newline at end of file
diff --git a/ee/server/service/embedded_scripts/windows_lock.ps1 b/ee/server/service/embedded_scripts/windows_lock.ps1
index e4d9809fee..792cf71f19 100644
--- a/ee/server/service/embedded_scripts/windows_lock.ps1
+++ b/ee/server/service/embedded_scripts/windows_lock.ps1
@@ -1,10 +1,10 @@
 # PowerShell script to log off all non-administrative users and disable their accounts
-# Log off all non-administrative users
+# Log off all users
 $loggedOffUsers = @{}
 Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false } | ForEach-Object {
 $username = $_.LocalPath.Split('\')[-1]
- if ($username -ne "Administrator" -and $username -ne $env:USERNAME -and -not $loggedOffUsers.ContainsKey($username)) {
+ if ($username -ne $env:USERNAME -and -not $loggedOffUsers.ContainsKey($username)) {
 try {
 $userSessions = query user | Where-Object { $_ -match "\b$username\b" }
 foreach ($session in $userSessions) {
@@ -25,8 +25,8 @@ Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.Special -eq $false }
 }
 }
-# Disable all non-administrative local user accounts
-Get-LocalUser | Where-Object { $_.Enabled -eq $true -and $_.Name -ne "Administrator" } | ForEach-Object {
+# Disable all local user accounts
+Get-LocalUser | Where-Object { $_.Enabled -eq $true } | ForEach-Object {
 $username = $_.Name
 Disable-LocalUser -Name $username
 Write-Host "Disabled account for $username"
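Review bot: The file's opening comment, kept as context at the top of the `@@ -1,10 +1,10 @@` hunk of `windows_lock.ps1`, still says the script handles only non-administrative users, which contradicts the new `if` condition. I would update it to `# PowerShell script to log off all users except the one running the script and disable all local accounts`. Profile folder names for administrator accounts now also reach the context line `$_ -match "\b$username\b"` unescaped, so `[regex]::Escape($username)` there would keep a name containing `.` or other metacharacters from matching the wrong session row. The `ForEach-Object` block continues past the end of this hunk, so the rest of the logoff logic is not visible here.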
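Review bot: In the `@@ -25,8 +25,8 @@` hunk the new filter `Where-Object { $_.Enabled -eq $true }` disables every enabled local account with no exception, while the logoff loop in the first hunk still skips `$env:USERNAME`. If the script is only ever run as SYSTEM that asymmetry is harmless, but a comment should say so, since under a local account the script would disable its own identity. Nothing visible here records which accounts were enabled before the lock, so unless the unlock script tracks that elsewhere it cannot tell these accounts from ones an operator had already disabled on purpose. `Write-Host "Disabled account for $username"` also runs when `Disable-LocalUser` reports a non-terminating error. I would use `Disable-LocalUser -Name $username -ErrorAction Stop` inside a `try`/`catch`, so a host left with a still-enabled administrator is not reported as locked.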