Company Web logging every user in as Administrator

My Company Web server has started logging every user in as administrator.  It actually says "Welcome Administrator" even though we are logging in with John Doe account information, not administrator information.
Users can now see sensitive information that they shouldn't see.
TereciaBurgessAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sam_gibsonCommented:
Is IIS running the websites or the associated application pools as Administrator?  Or has the built-in IUSR_computername account been replaced with the Administrator account as the anonymous web user?
TereciaBurgessAuthor Commented:
IIS is running as Admin.  We've been running this way for months.  However, last night, we noticed that everyone is logging in as administrator instead of themselves.  It happened before Windows Update automatic reboot at 3, so I can't blame a Windows update.
TereciaBurgessAuthor Commented:
I am seraching event viewer and Sharepoint logs to see if I can pinpoint the issue.  Seems to have happened between 1:45 pm and 8:33 pm (big window, but that's when I can see the change-over).
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

sam_gibsonCommented:
Anything in the event logs from that timeframe?
TereciaBurgessAuthor Commented:
Nothing related to IIS or Sharepoint.  I've restarted IIS Admin service on the machine - same results.  I doubt restarting the Sharepoint services will result in different results.  I've got the Central Admin open and am looking for clues there.  
sam_gibsonCommented:
Even though it happened before the WSUS reboot, do some research into the latest updates that were applied.  The update may have been able to install immediately when it was pushed down.  I've had strange behavior come from an update, and I ended up having to back out the problem update.
TereciaBurgessAuthor Commented:
As it turns out, I don't this is the case.  The last updates to install we on 4/16.  The reboot was weekly at 3 this morning... if the problem was a result of the update, we would have seen this issue on 4/16 since that's when the updates installed.  I'm still running a report on Central Admin for recent events if any.  
quihongCommented:
Check your IIS configuration for the web app.

The only thing I can think of that would cause this behavior is if somehow the configuration on the IIS web app is using Anonymous Access and you are using your SharePoint Admin account.

Right Click on Properties->select the Directory Security Tab. Click the Edit button under Authentication and access control. Is Enable Anonymous access checked?

Below is a screenshot of how it suppose to look, assuming you use Windows Integrated Authentication.


Capture.JPG
TereciaBurgessAuthor Commented:
We are using SBS 2008.  Unless I'm missing something, I don't have these settings as esily available to me.  Here is what I have found as far as the advaced settings on the SharePoint website.
Untitled.jpg
TereciaBurgessAuthor Commented:
Wait, found the info; Anonymous login is already disabled.
TereciaBurgessAuthor Commented:
I got it resolve.
For those with the same issue:
1. Within IIS, view home of SBS SharePoint (or whatever you are calling your companyweb).
2. On the Action panel, under Edit Site, choose Basic Settings.
3.  Make sure you are using pass through authentication as shown in this image (I had authenticate as administrator for some reason).
Untitled2.jpg

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
samer_othman82Commented:
check the site administrator group maybe you will find all the AD users inside that group
i dont think its IIS case, i think some one gave all the people administrator privileges so go and check the permission from inside the sharepoint
TereciaBurgessAuthor Commented:
The AD group for site administration only contains 2 of the 8 people accessing SharePoint.  The Members group contains the remaining 6 people.  In the Central Admin, only those in the site administration AD group are listed as administrators.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.