My identify is administrator on a domain

[Guest]

I am using Windows XP Professional Sp2, joined to our company domain. I have
all the latest security patches installed. Last week, my identity on the
network changed midday.

When logged into the domain on my personal account, my identity appears to
be the domain administrator in the following server applications: IIS,
Exchange. Also, when I access a network share, my identity appears as domain
adminstrator.

I only have this problem on one computer with my login. I was going to
delete my profile from this computer, but before I do that, I wanted to learn
why this may have happened. Any ideas or thoughts would be appreciated!

 

[Malke]

I am using Windows XP Professional Sp2, joined to our company domain.
I have all the latest security patches installed. Last week, my
identity on the network changed midday.

When logged into the domain on my personal account, my identity
appears to be the domain administrator in the following server
applications: IIS, Exchange. Also, when I access a network share, my
identity appears as domain adminstrator.

I only have this problem on one computer with my login. I was going to
delete my profile from this computer, but before I do that, I wanted
to learn why this may have happened. Any ideas or thoughts would be
appreciated!

Who used your computer recently? I would contact your IT Dept.
immediately.

Malke

 

[Guest]

No one. I had accessed a network share earlier in the day that had restricted
access (i.e. only my account could access it; domain administrator was
excluded). When I later went back, I was denied access. Originally I thought
it was a share problem. After alot of troubleshooting, I came to realize my
identity was domain administrator. No one had access to my computer. But if
they did, what would they have done to cause this problem? Any pointers are
appreciated.

Norm

 

[Malke]

No one. I had accessed a network share earlier in the day that had
restricted access (i.e. only my account could access it; domain
administrator was excluded). When I later went back, I was denied
access. Originally I thought it was a share problem. After alot of
troubleshooting, I came to realize my identity was domain
administrator. No one had access to my computer. But if they did, what
would they have done to cause this problem? Any pointers are
appreciated.

Let's make sure I really understand what you are saying, OK?

1. You have a regular domain user account on your laptop. You may or may
not have a regular local user account on the laptop (usually there
isn't one).
2. Your regular domain user account certainly is not a domain
administrator. That would be foolish.
3. You do not have a different account on your laptop that is a member
of the domain administrators group (as it should be).
4. Suddenly your regular domain user account has become a domain
administrator.

If the above points are correct, then someone changed the permissions on
your account since these things don't magically happen all by
themselves. Your regular user account on the server would have to be
elevated to a member of the domain administrators group. You should
contact your IT Dept. immediately so they can check the security of the
server and your laptop.

Malke

 

[Michael Bednarek]

No one. I had accessed a network share earlier in the day that had restricted
access (i.e. only my account could access it; domain administrator was
excluded). When I later went back, I was denied access. Originally I thought
it was a share problem. After alot of troubleshooting, I came to realize my
identity was domain administrator. No one had access to my computer. But if
they did, what would they have done to cause this problem? Any pointers are
appreciated.

[Snip]

There is another explanation: The Domain Administrator noticed that
access to that share/directory was restricted -possibly through an error
log in the domain's backup or anti-virus software- and removed the
restriction. At the same time, either by design or oversight, your
-formerly exclusive- access was also removed.

What else did you do that makes you conclude that your account has been
equipped with Domain Administrator rights? The command
NET USER your-username /DOMAIN
should show of which groups you are a member. The command WHOAMI /ALL
(from the Windows Resource Kit) display more detailed information about
security tokens.

 

[Steven L Umbach]

Check your stored credentials on that computer. While logged on use control
userpasswords2 in the run box and then go to advanced/manage passwords to
see if you have any stored credentials for access to the servers in
question.

Steve

 

[Guest]

Thank you all for your input. To answer a few of your questions, I was able
to determine my identity from the server's perspective (SBS 2003) by
monitoring the share status and exchange mailbox status. I was also able to
determine that my identity w.r.t. to IIS was administrator by looking at the
identity object in a small asp.net 1.1 application. I can't definitively say
my identity was changed, but it appears that way.

Thanks for the tips on other system utilities.

Since this problem only occurred on a single computer with my account, I
guessed that my profile (Windows XP) may be the culprit. So I deleted the
profile and then created again and voila! the problem went away. Not sure
what to make of that. If it happens again, I will try some of your
suggestions.

Thanks again, Norm.