diff --git a/templates/win2025-sysprep/scripts/Prepare-Win2025Sysprep.ps1 b/templates/win2025-sysprep/scripts/Prepare-Win2025Sysprep.ps1
index 6d56e53..34a6d88 100644
--- a/templates/win2025-sysprep/scripts/Prepare-Win2025Sysprep.ps1
+++ b/templates/win2025-sysprep/scripts/Prepare-Win2025Sysprep.ps1
@@ -17,13 +17,18 @@ function Write-Step {
 
 function Ensure-AdministratorEnabled {
     Write-Step "Enabling built-in Administrator account"
-    & net user Administrator /active:yes | Out-Null
+    $adminAccount = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True AND SID LIKE '%-500'"
+    if ($null -ne $adminAccount) {
+        & net user $adminAccount.Name /active:yes | Out-Null
+    }
 }
 
 function Enable-RemoteDesktop {
     Write-Step "Enabling Remote Desktop"
     Set-ItemProperty -Path "HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server" -Name "fDenyTSConnections" -Value 0
-    Enable-NetFirewallRule -DisplayGroup "Remote Desktop" | Out-Null
+    Get-NetFirewallRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
+        Where-Object { $_.Service -eq "TermService" } |
+        Enable-NetFirewallRule | Out-Null
 }
 
 function Enable-WinRmForAnsible {
@@ -46,7 +51,9 @@ function Set-NetworkProfilesPrivate {
 
 function Ensure-FirewallRules {
     Write-Step "Opening firewall for WinRM"
-    Enable-NetFirewallRule -Name "WINRM-HTTP-In-TCP" -ErrorAction SilentlyContinue | Out-Null
+    Get-NetFirewallRule -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
+        Where-Object { $_.Service -eq "WinRM" } |
+        Enable-NetFirewallRule | Out-Null
 }
 
 function Install-OpenSshServer {