# Clients Have Admin Access when they should not!

Problem:

Client Workstations/Users have administrator access to a server when they should not.

At my job, we recently had an issue with permissions. Every computer user on our network had admin access – not good! Client workstations were granted administrator access accidentally when doing maintenance on our network. Our computer users are all standard “domain-users” and were NOT admins on the network. This is what we discovered and how we solved this problem:

Microsoft has now added something called Windows Credential Manager, built into the Windows 10 OS. An admin password was typed in on several client workstation computers (when we were troubleshooting another issue) when our domain controller was not available. So that’s how this event happened: an admin logged into a client machine when the domain controller was unreachable. Well, doing this sparked a series of unfortunate events. With the domain controller not able to be contacted, the admin password was STORED in the Windows 10 Credential Manager, so that is what was giving the various client computers “admin” access, making it appear that something was wrong with Active Directory when the main issue was Windows Credential Manager.

Solution:

You need to delete the admin credentials and password held in Windows 10 Credentials Manager and the problem will be solved!


On the client workstation:

Open Control Panel

Open Credential Manager

Select the Windows Credentials tab

Delete the Admin Accounts that you see that do not belong and this will solve the issue.
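The same check can be done from a PowerShell prompt with the built-in `cmdkey` tool, which is useful when many workstations need to be looked at. This script is an added example, not part of the original post. It assumes English `cmdkey` output, must be run in the affected user's own session (saved credentials are per user), and uses a hypothetical `$AdminPattern` that you should adjust to your admin account naming.

```powershell
# Added example: report (and optionally delete) saved "Windows Credentials"
# entries whose user name looks like an admin account.
# Constructed sample of what `cmdkey /list` prints for one entry:
#     Target: Domain:target=fileserver01
#     Type: Domain Password
#     User: EXAMPLE\Administrator
param(
    [string]$AdminPattern = '(?i)admin',       # hypothetical pattern, adjust to your naming
    [switch]$Remove,                           # without -Remove the script only reports
    [string[]]$InputLines = (cmdkey /list)     # defaults to the live list for the current user
)

function ConvertFrom-CmdKeyList {
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            # A new Target line starts a new entry; emit the previous one first.
            if ($entry) { [pscustomobject]$entry }
            $entry = [ordered]@{ Target = $Matches[1]; Type = ''; User = '' }
        }
        elseif ($entry -and $line -match '^\s*Type:\s*(.+?)\s*$') { $entry.Type = $Matches[1] }
        elseif ($entry -and $line -match '^\s*User:\s*(.+?)\s*$') { $entry.User = $Matches[1] }
    }
    if ($entry) { [pscustomobject]$entry }
}

$saved   = @(ConvertFrom-CmdKeyList -Lines $InputLines)
# "Domain Password" entries are the ones used to authenticate to servers and shares.
$suspect = @($saved | Where-Object { $_.Type -eq 'Domain Password' -and $_.User -match $AdminPattern })

foreach ($cred in $suspect) {
    Write-Warning "Saved admin credential: user '$($cred.User)' for target '$($cred.Target)'"
    if ($Remove) {
        # cmdkey /delete expects the bare target name, without the "Domain:target=" prefix.
        $name = $cred.Target -replace '^Domain:target=', ''
        cmdkey "/delete:$name"
    }
}

if ($suspect.Count -eq 0) {
    Write-Output 'No saved domain credentials match the admin pattern.'
}
```

Run it once without `-Remove` to review what is stored, then again with `-Remove` to delete the entries that do not belong.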

POOF, there it was staring us in the face…an ADMIN ACCOUNT AND PASSWORD – granting access to the entire file server….I never even heard of Windows Credential Manager before….so I would not have even known to look for it….it took 6 hours for us to figure this out.

When did Microsoft “slip” that into the OS? And why…why is it PERSISTENT? Even when we logged out of the client machines and the client machines were rebooted….that credential manager HELD the admin password account info and granted full access to our file server. This problem was very hard to find and I hope us posting it here helps if you are going through the same issue.