Remove From My Forums

phantom user

Question
0

Sign in to vote

If I look in the control panel UserPasswords2 it lists a user I don't know. I set up this system and I and the user have been in as Admin and as "Joe". Joe is a domain AD user. Desktop so never moved. The phantom name is not in AD, has no folder under c:\users, but there is activity in the security event log. This system is accessed by remote desktop for work from home but thru a VPN. Joe has not complained about being bumped off as you would expect if Phantom logged on. I'll change passwords and delete this user etc. Security software finds no problems. But what the heck do I make of this phantom user? Thanks.

Thursday, July 23, 2020 7:11 PM

All replies

0

Sign in to vote
Hi,

Open netplwiz.

Uncheck the box for "Users must enter a user name and password to use this computer." Then click apply. On the window that pops up, click cancel. The check box for "Users must enter a user name....." should be checked again. Click OK.

Hope above information can help you.

This "Windows 10 Security" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

"Windows 10 Security" forum will be migrating to a new home on Microsoft Q&A!

We invite you to post new questions in the "Windows 10 Security" forum's new home on Microsoft Q&A!
For more information, please refer to the sticky post.
- Edited by FarenaMicrosoft contingent staff Friday, July 24, 2020 8:23 AM
Friday, July 24, 2020 6:52 AM
0

Sign in to vote

Farena, maybe I'm just missing something but how does this explain or deal with the phantom user? Thanks.

Saturday, July 25, 2020 3:31 AM

If I look in the control panel UserPasswords2 it lists a user I don't know.

What is the name of this phantom user? What groups is it a member of?

Look in Local Users and Groups or use Powershell to query users.

PS C:\> get-localuser

Name               Enabled Description
----               ------- -----------
Admin              True
Administrator      False   Built-in account for administering the computer/domain
DefaultAccount     False   A user account managed by the system.
Guest              False   Built-in account for guest access to the computer/domain
sshd               True
sysconsole         True    915 admin account
testuser           True
WDAGUtilityAccount False   A user account managed and used by the system for Windows Defender Application Guard scen...

PS C:\Temp> Get-LocalUser admin | Format-List -Property *

AccountExpires         : 
Description            : 
Enabled                : True
FullName               : 
PasswordChangeableDate : 5/31/2019 1:26:47 PM
PasswordExpires        : 
UserMayChangePassword  : True
PasswordRequired       : True
PasswordLastSet        : 5/31/2019 1:26:47 PM
LastLogon              : 5/25/2020 12:18:00 PM
Name                   : admin
SID                    : S-1-5-21-3320722524-193523071-2819253668-1008
PrincipalSource        : Local
ObjectClass            : User



PS C:\> get-localgroupmember -Name administrators

ObjectClass Name                  PrincipalSource
----------- ----                  ---------------
User        TEST10B\Admin         Local
User        TEST10B\Administrator Local
User        TEST10B\sysconsole    Local

Edited by MotoX80 Sunday, July 26, 2020 11:58 AM

Saturday, July 25, 2020 12:11 PM

0

Sign in to vote

Hi,

Just checking in to see if the information provided was helpful.

If the reply helped you, please remember to mark it as an answer.

If no, please reply and tell us the current situation in order to provide further help.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Monday, July 27, 2020 8:00 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

phantom user

Question

All replies