debugger user autochange


G

Guest

We have several systems that keep changing our users from Administrator
to Debugger User on the local policy. We change the account back to
Administrator
but something (windows updates?) changes the account back to Debugger User.
I cannot find anything obvious in the group policy (2003std) to affect this.
Any ideas or help would be welcome.

Don Degner
 
Ad

Advertisements

S

Steven L Umbach

One possibility is that Local Security Policy or the policy that enforces
the setting, is renaming the administrator acount. You can see that security
option in Local Security Policy/local policies/security options - accounts:
rename administrator account.

Steve
 
G

Guest

Thanks for the response Steve!
I think I failed to convey the problem clearly - the user accounts
themselves are not being changed, only the rights - and then only for the
domain accounts - seemingly at random. We have gone into the local machines
and enabled the domain user - by name - to be a local administrator - the
user panel shows
domain/userxyz assigned to the administrator group. Then at some point
in time - the user account is being removed from the administrator group and
reassigned to the Debugger User group. Local accounts are not affected -
only the domain accounts. But it is not consistent...
Any other ideas?

thanks,
Don
 
S

Steven L Umbach

One possibility could be that Group Policy Restricted Groups are being
applied to the computers in question. I believe if you run rsop.msc on one
of the computers it should show if Restricted Groups are being applied to it
and by what Group Policy. RG can enforce group membership on domain
computers as in it can make sure that the users are members of certain
groups and not members of certain groups. It will not stop you from
configuring groups on the local computer but at the next GP refresh it will
change them back to the RG settings. The link below explains RG more and how
they are configured.

Steve

http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
 
G

Guest

I checked all group policies (I have 4) and none of them have any Restricted
Groups defined. Any other thoughts?
thanks,
Don
 
Ad

Advertisements

S

Steven L Umbach

Hmm. Can't say for sure. What you could do is to enable auditing of account
management for a domain computer this is happening on. Then you should see
an event in the security log when the group membership is changed with a
timestamp that may provide a clue and the name of the user that did the
change. If the user is system then a process on the computer or Group Policy
[though you seem to have ruled that out] is doing the change. I would check
Scheduled Tasks to see if it is running a script on a schedule to make the
changes.

Steve
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top