The Invisible Administrator
I was working on a site at school when I browsed to a file-server to check some paths, and to my surprise I could suddenly access ALL shares, not only the ones for students, but all of them...
When I tried creating files they got made under BUILTIN\Administrators! But I was logged on with my own student account. So, being nice and all, I reported it...
Then we spent almost entire afternoon trying to determine why I was suddenly an admin.
And this is when the weird stuff started to happen:
On PC1 I was an admin on the server, but when I logged in to PC2 I couldn't access it.
We tried different student accounts on PC1 but they also couldn't access the shares.
Then we removed all groups from my account except Domain Users, and I still could get in.
We cleared the profiles from PC1 and 2 and also deleted my roaming profile.
Nothing changed...
First conclusion: It's tied to username X and PC1, examine PC1 later.
Then we go to another room and try it on different computers. And there it starts all over again.
PC3: I'm an admin, PC4: I'm not.
In the end we checked all groups I belonged to, and their membership, deleted my profile, checked all NTFS permissions (which I could change as well..), and nowhere there was a trace of me or any groups I belonged to. Nothing had admin rights.
We forced replication to make sure I was group-less but it still worked!
Conclusion: User X has the rights of an Admin, but does NOT show up in any group, NTFS permissions or anything else...
Solution: We disabled the account and created a new account.. (Which means I have to recreate my entire profile again...)
Has anyone else every encountered this, and found out why this was happening?