can anyone figure this security issue?

[ab]

A user is logging on locally to a workstation as Administrator.
He then tries to access domain network shares, and never gets asked
for username/password.
Now i've read that its possible for this to happen if the local admin
password is the same as the domain admin, but its not!!!

Whats strange is that when I go to System Tools -> Shared Folders ->
Sessions, when he connects to the shares, the User is someone
completely different!! (and this user does have access to the shares).
I can't figure out how it gets this users credentials.


He is running Windows XP, and i'm wondering if its caching user
credentials or something?

Any info would be great.
Thankyou.

 

[Chriss3]

You can modify this policy Access this computer from the network and may
remove Everyone.

Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment\Access this computer from the network

(I'm not sure if Everyone are need for any system propose)

 

[ab]

But surely, if the network share only allows access to domain
administsrators, then a local administrator (with a different
password) should not get direct access.
?

 

[Rykel]

It's a long shot, but check to see if the SID for the local Admin is the
same as the SID for the domain user he 'seems to be' on the network server's
sessions list. It should never be, but a bit of black-hatting could be at
work.