Multiple Administrators?

J

John

I just ran the Microsoft Baseline Security Analyzer
(MSBA) from the Microsoft Website.

The results showed that I had 3 administrators
(Administrator, my account name, and a third one that I
have no idea about). The third one doesn't show up on my
startup screen, but the MSBS identified it as S-1-5-21-
869750193-...-1007.

What is this 3rd administrator? Did I get hacked?
Should I just ignore it? I can't find any reference to
the 3rd adminstrator as a user, but I did find a similar
name to it in the HKEY_USERS in the registry.

Thanks for any help.
 
D

Doug Knox MS-MVP

If you found it in HKEY_USERS, and you were the only user logged on, then that is the SID for your account.
 
D

David

You may be victim of a flaw in MBSA 1.1.1
If you run at a cmd prompt
net localgroup administrators
and see only two accounts listed then you are fine.
Click to expand...

Thanks Roger. I got hit by some Trojans from some websites. Got them
cleared. But, after reading your reply John, decide to check Localgroups
admin. I found an unknown admin call ktfod on my system.

So, I changed it to a limited account and changed the password on it to
make sure nothing important breaks. Then I'll delete it in a few days.

--

David

Programmers write "Help Files" for a reason. use them.

"Due to Viewer dicretion...
Graphic violence is advised"

http://www.HeroicStories.com/
http://www.thisistrue.com/
 
G

Guest

I tried "net localgroup adminstrators" at the command prompt, but the screen flashes by and goes away before I can even see it. Am I doing something wrong?

Thanks.
 
R

Roger Abell [MVP]

Try first doing a
Start / Run and there enter cmd
This gives you a cmd prompt where you would then enter
net localgroup administrators

As long as you recognize and have control over all accounts
listed as members of the administrators group you are fine

--
Roger
John said:
I tried "net localgroup adminstrators" at the command prompt, but the
Click to expand...
screen flashes by and goes away before I can even see it. Am I doing
something wrong?
 
G

Guest

Roger,
Thanks for the tips. I recognize and have contral over both adminstrators shown by the net localgroups administrator cmd.

The 3rd administrator that MBSA found didn't show up at all using that cmd. As previously mentioned, MBSA must have a flaw.

John
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Where are these Administrators? 6
Administrators 3
MBSA Reporting an Unknown Third Administrator Account 1
2 administrators 2
Computer Administrators 1
Computer Adminstrator 1
"ACCOUNT UNKNOWN" shows up under drive properties security tab 3
more administrators? 3

Top