I don't know what is going on but I have shares that can be accessed by non-domain-joined computers via the local administrator account.
Removing domain\administrator removes the problem
Adding domain\domain admins creates the problem
adding domain\administrator creates the problem
From a random computer:
computername\administrator has access
computername\otheradministrator has no access
FYI the only other entry in the ACL is SYSTEM (full control)
Domain Functional level is Server 2003
Any clues would be appreciated.