administrator user unable to login, suspicious user accounts "sky$", "admin$"

Posted by mks on Server Fault
Published on 2011-01-04T06:40:33Z Indexed on 2012/09/02 3:40 UTC

I have a Windows 2008 R2 Standard (64 bit) running in a virtual machine. Suddenly, from yesterday onwards, I am not able to log in as administrator. Nobody changed the password. Both in the console as well as using remote desktop I am unable to log in. Whenever I log in as Administrator I am getting this error:

"The user name or password is incorrect"

Nothing has changed in the machine and I have logged in successfully in the past, both through the console and via remote desktop, several times on the same machine.

One strange behaviour I noticed is that I am seeing some additional user accounts if I try to log in as another user. The suspicious user accounts are:

sky$
admin$
SUPPORT_388945a0

Are they created by some malware/virus? Or are they some hidden Windows accounts? The Microsoft site says that SUPPORT_388945a0 is:

The Support_388945a0 account enables Help and Support Service interoperability with signed scripts. This account is primarily used to control access to signed scripts that are accessible from within Help and Support Services. Administrators can use this account to delegate the ability for an ordinary user, who does not have administrative access over a computer, to run signed scripts from links embedded within Help and Support Services. These scripts can be programmed to use the Support_388945a0 account credentials instead of the user’s credentials to perform specific administrative operations on the local computer that otherwise would not be supported by the ordinary user’s account. When the delegated user clicks on a link in Help and Support Services, the script executes under the security context of the Support_388945a0 account. This account has limited access to the computer and is disabled by default.

However, I am not sure where these "admin$" and "sky$" accounts came from. Does anyone have a similar experience?
