This post has been imported from the old blog and has not yet been converted to the new syntax yet.
Today something very weird happened and I doubt something this weird will ever happen again.

I was working on a site at school when I browsed to a file-server to check some paths, and to my surprise I could suddenly access ALL shares, not only the ones for students, but all of them...

When I tried creating files they got made under BUILTIN\Administrators! But I was logged on with my own student account. So, being nice and all, I reported it...

Then we spent almost entire afternoon trying to determine why I was suddenly an admin.

And this is when the weird stuff started to happen:
On PC1 I was an admin on the server, but when I logged in to PC2 I couldn't access it.
We tried different student accounts on PC1 but they also couldn't access the shares.
Then we removed all groups from my account except Domain Users, and I still could get in.
We cleared the profiles from PC1 and 2 and also deleted my roaming profile.
Nothing changed...

First conclusion: It's tied to username X and PC1, examine PC1 later.

Then we go to another room and try it on different computers. And there it starts all over again.
PC3: I'm an admin, PC4: I'm not.

In the end we checked all groups I belonged to, and their membership, deleted my profile, checked all NTFS permissions (which I could change as well..), and nowhere there was a trace of me or any groups I belonged to. Nothing had admin rights.

We forced replication to make sure I was group-less but it still worked!

Conclusion: User X has the rights of an Admin, but does NOT show up in any group, NTFS permissions or anything else...

Solution: We disabled the account and created a new account.. (Which means I have to recreate my entire profile again...)

Has anyone else every encountered this, and found out why this was happening?
 
  • Leave a reply
    Items marked with * are required. (Name, Email, Comment)
    Comment is missing some required fields.
     
     
     
    To make sure you are not a computer, please type in the characters you see.