Cached domain credentials in Administrator account of Workgroup computer.

I set up a Windows XP Pro (SP2) computer, added programs, and tweaked the profile inside a secondary local administrator account, i.e., "Admin2". To obtain needed executables on a domain computer, I opened a remote folder via \\Computer_Name\Sharename, and provided the domain username and password when prompted. Then I logged out and logged in as "Administrator" (local), copied the Admin2 profile to the Default User folder. (I don't remember, but I may or may not have accessed the same \\Computer_Name\Sharename while logged in as Administrator).

To test it, I logged back in as Admin2 and deleted the Administrator profile, then logged back in as Administrator to recreate the Administrator profile. Here's the kicker: Any \\Computer_Name\Sharename on a Windows 2000 or Windows XP computer on the network in the domain, of which the local computer is not a part, opened via Explorer or the Run box opens without prompting for username and password. In other words, the credentials never cleared, even after several reboots and several attempts to delete and recreate the Administrator profile.

By the way, the account profile used to create the Default User profile, "Admin2", does not itself exhibit this behavior when logged in as Admin2. Checking the Saved Network Password control panel applet for Administrator shows no saved passwords. Also, changing the workgroup name and rebooting did not fix the problem.

Is the local 'Administrator' password the same as is used on the domain?

Toni Uranjek (Consultant/Trainer) Commented:

Click Start, Run, enter "control userpasswords2", press Enter, go to the Advanced tab, click the Manage Passwords button and check if any network-related passwords are stored, and then click Remove.


I would expect this.

You stated you created Admin2 BEFORE you copied the Administrator profile over the Default User profile.

Creating a template profile using the Administrator profile is NOT the proper way to do this.

The Administrator profile contains sections of the Registry that refer specifically to the Administrator's HKCU Hive and, thus many of the keys that store information the Administrator has.  Every new user that logs in will have their initial profile built up from Default User (with all the information the Administrator used to have).

Since you no longer have a standard Default User profile (copying from an untouched computer may not work), you'll now have to reload this box to get it back.


Napoloen_Solo (Author) Commented:
Thanks to all for your comments. Lamaslany was closest to the mark. Since posting, I received assistance from Microsoft tier 2 support and I learned that the Administrator password, being the same on the PC as other machines on the domain, was the cause of the "cached" credentials.

Here's the funny thing: It does not matter if the 2 (or more) workstations in question are in the same workgroup or even if one workstation is in the domain and the other is NOT in the domain. If a username and password match on each workstation in the Local Computer security zone, each will have the other's rights on that workstation through the network.

Netman66, that keys are copied from the Administrator's HKCU Hive to the Default User profile is what I intended to happen and is not a problem. In Microsoft KB article 887816 Microsoft states "...Windows XP SP2 Minisetup was modified so that, by default, Mini-Setup will copy any customizations from the local administrator account to the default user account. The default user account is used to build a profile when a new user logs on." This is only a problem if an admin wants to use some other profile than Administrator to customize the Default User profile, in which case he can get a hotfix by calling Microsoft.

Yes, the mini-setup wizard will copy them - not you.  It strips off Administrator-specific registry information, whereas a copy does not.

Napoloen_Solo (Author) Commented:
Then hopefully, after I copied the Administrator profile manually, sysprep recopied and stripped out administrator-specific registry information?

Log in with an Account with Admin rights.
Load the NTUSER.DAT from the Default User Profile.
Search for "Administrator".

You'll see what I'm talking about.

Napoloen_Solo (Author) Commented:
Thanks Netman66. I believe you. And I will do that if I have to. Can you point to a reference that delineates what those specific keys are? Possibly I could use ScriptLogic to strip them out if I knew what they were.
There will be a few.

Everything in the NTUSER.DAT is actually the HKEY_CURRENT_USER registry key.  Initially, the values are REG_EXPAND_SIZE because they use variables.  Once a user's profile is built from it, the variables actually resolve to the proper value in the key.

So, there are paths to Shell Folders, User Shell Folders, etc., that will now point to C:\Documents and Settings\Administrator - for every user created from this template.

You'll have to do a search and record them somehow.

Napoloen_Solo (Author) Commented:
Thanks, I was able to strip out the few erroneous Administrator Profile references in NTUSER.DAT and replace with %USERPROFILE%. Seems to work fine.
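
The search discussed in this thread (load the Default User NTUSER.DAT, look for "Administrator", substitute %USERPROFILE%), as an added example that is not part of the original posts: a Python scan of the hive's text export that decodes REG_SZ and REG_EXPAND_SZ values and lists the ones that hard-code the Administrator profile path, with the proposed replacement. It assumes the hive was mounted with `reg load` under a hypothetical name (`HKU\DefaultTemplate`) and written out with `reg export`; the sample export is constructed.

```python
import re

PROFILE = r"C:\Documents and Settings\Administrator"  # path named in the thread

def _hex2(s, width=20):
    """Encode s as .reg hex(2) data (REG_EXPAND_SZ), wrapped like a real export."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + width]) for i in range(0, len(b), width)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; the DefaultTemplate mount name is hypothetical.
EXPLORER = r"HKEY_USERS\DefaultTemplate\Software\Microsoft\Windows\CurrentVersion\Explorer"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + EXPLORER + r"\User Shell Folders]",
    '"Desktop"=' + _hex2(PROFILE + r"\Desktop"),
    '"Personal"=' + _hex2(r"%USERPROFILE%\My Documents"),
    "",
    "[" + EXPLORER + r"\Shell Folders]",
    r'"Favorites"="C:\\Documents and Settings\\Administrator\\Favorites"',
])

def decode_value(data):
    """Return the text of REG_SZ or REG_EXPAND_SZ data, or None for other types."""
    if data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])   # undo \\ and \" escapes
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\0")
    return None

def find_hardcoded(reg_text, profile=PROFILE):
    """List (key, value name, current data, proposed data) for hard-coded paths."""
    reg_text = re.sub(r",\\\r?\n\s*", ",", reg_text)  # join wrapped hex lines
    key, hits = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$', line)
        if not m or key is None:
            continue
        value = decode_value(m.group(2))
        if value and profile.lower() in value.lower():
            fixed = re.sub(re.escape(profile), "%USERPROFILE%", value, flags=re.I)
            hits.append((key, m.group(1).strip('"'), value, fixed))
    return hits
```
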