User account type changed to debugger (was Administrator)

Blondie

Distinguished
Aug 12, 2004
22
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN have
begun to behave strangely and when I went to check up on them to see if I
could find anything wrong I noticed that on each of them the original user
account (type = Administrator) has been changed to type = debugger; user.

I haven't seen this before, does anyone know why this happened or what this
user type = debugger means?

Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I don't know why. Did you install .NET, Visual Studio or something?

[[Debugger Users group enables you to remotely access debugging components
on other machines.]]

[[Debug programs
Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment

Description
Determines which users can attach a debugger to any process. This privilege
provides powerful access to sensitive and critical operating system
components.

This user right is defined in the Default Domain Controller Group Policy
object (GPO) and in the local security policy of workstations and servers.

By default, only administrators and LocalSystem accounts have the privileges
to debug programs.]]

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
Blondie <nobody@nowhere.org> hunted and pecked:
> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
> have begun to behave strangely and when I went to check up on them to
> see if I could find anything wrong I noticed that on each of them the
> original user account (type = Administrator) has been changed to type
> = debugger; user.
>
> I haven't seen this before, does anyone know why this happened or
> what this user type = debugger means?
>
> Thanks
 

Blondie

Distinguished
Aug 12, 2004
22
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I looked at these two PCs again today.

One of them was only installed about 3 days before this 'problem' was
noticed.

I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a handful
user applications.
NO development applications of any kind have been installed.

First one that acquired the 'debugger' status was installed about 2 months
ago, we noticed the problem after 'joining' the SBS Domain about 3 weeks
ago. The PC started to complain that there was no default mail application
to send the message requested by a program, the day after joining the domain
.... nobody knew anything about any program that could be expected to be
sending a message. That is the first time we noticed the User type =
debugger.

The second PC was installed last week, WinXP Pro, Office 2003 Pro ... a few
user applications, no development programs ... the user type = debugger was
not present in the system when I turned it over to it's new owner.

The next day the user installed Trend Micro PcCillin 2002 and it was unable
to update itself ... so, another customer call was scheduled ... 3 days
after it was installed it's two local Administrator accounts had acquired
the 'debugger' status. The user had installed 3 programs:

1) Adobe Reader 7
2) Ad-Aware SE
3) DocuPrinterLT

The only one on this list that is common with the other PC with the
'debugger' User type is Adobe Reader 7.

I removed the PcCillin installation that was unable to update itself
(persistent error code 47 ... means corrupt downloaded virus signature file)
and replaced it with Trend Micro Internet Security 2005 (which did update
itself) ... ran a complete system scan, found nothing.

I am concerned that this user type = debugger 'materialized' without any
understandable reason, but this by itself does not seem to be causing a
problem ... I wonder if it is a symptom of something wrong though?

I wonder what else changed and why?


"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
>I don't know why. Did you install .NET, Visual Studio or something?
>
> [[Debugger Users group enables you to remotely access debugging components
> on other machines.]]
>
> [[Debug programs
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\User Rights Assignment
>
> Description
> Determines which users can attach a debugger to any process. This
> privilege
> provides powerful access to sensitive and critical operating system
> components.
>
> This user right is defined in the Default Domain Controller Group Policy
> object (GPO) and in the local security policy of workstations and servers.
>
> By default, only administrators and LocalSystem accounts have the
> privileges
> to debug programs.]]
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
> Blondie <nobody@nowhere.org> hunted and pecked:
>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
>> have begun to behave strangely and when I went to check up on them to
>> see if I could find anything wrong I noticed that on each of them the
>> original user account (type = Administrator) has been changed to type
>> = debugger; user.
>>
>> I haven't seen this before, does anyone know why this happened or
>> what this user type = debugger means?
>>
>> Thanks
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.

See if Mdm.exe (Machine Debug Manager) exists. It comes with a bunch of MS
programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.

[[As a security enhancement, users who do not belong to the Administrators
group or to the Debugger Users group will not be able to debug scripts with
the Microsoft Script Editor.
By default, the only member of the Debugger Users group is the Administrator
who installed the application. ]]
Users must belong to the Administrators group or to the Debugger Users group
to use the Script Editor component in Office 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;891962

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
Blondie <nobody@nowhere.org> hunted and pecked:
> I looked at these two PCs again today.
>
> One of them was only installed about 3 days before this 'problem' was
> noticed.
>
> I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
> handful user applications.
> NO development applications of any kind have been installed.
>
> First one that acquired the 'debugger' status was installed about 2
> months ago, we noticed the problem after 'joining' the SBS Domain
> about 3 weeks ago. The PC started to complain that there was no
> default mail application to send the message requested by a program,
> the day after joining the domain ... nobody knew anything about any
> program that could be expected to be sending a message. That is the
> first time we noticed the User type = debugger.
>
> The second PC was installed last week, WinXP Pro, Office 2003 Pro ...
> a few user applications, no development programs ... the user type =
> debugger was not present in the system when I turned it over to it's
> new owner.
>
> The next day the user installed Trend Micro PcCillin 2002 and it was
> unable to update itself ... so, another customer call was scheduled
> ... 3 days after it was installed it's two local Administrator
> accounts had acquired the 'debugger' status. The user had installed
> 3 programs:
>
> 1) Adobe Reader 7
> 2) Ad-Aware SE
> 3) DocuPrinterLT
>
> The only one on this list that is common with the other PC with the
> 'debugger' User type is Adobe Reader 7.
>
> I removed the PcCillin installation that was unable to update itself
> (persistent error code 47 ... means corrupt downloaded virus
> signature file) and replaced it with Trend Micro Internet Security
> 2005 (which did update itself) ... ran a complete system scan, found
> nothing.
>
> I am concerned that this user type = debugger 'materialized' without
> any understandable reason, but this by itself does not seem to be
> causing a problem ... I wonder if it is a symptom of something wrong
> though?
>
> I wonder what else changed and why?
>
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
>> I don't know why. Did you install .NET, Visual Studio or something?
>>
>> [[Debugger Users group enables you to remotely access debugging
>> components on other machines.]]
>>
>> [[Debug programs
>> Computer Configuration\Windows Settings\Security Settings\Local
>> Policies\User Rights Assignment
>>
>> Description
>> Determines which users can attach a debugger to any process. This
>> privilege
>> provides powerful access to sensitive and critical operating system
>> components.
>>
>> This user right is defined in the Default Domain Controller Group
>> Policy object (GPO) and in the local security policy of workstations
>> and servers.
>>
>> By default, only administrators and LocalSystem accounts have the
>> privileges
>> to debug programs.]]
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
>> Blondie <nobody@nowhere.org> hunted and pecked:
>>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
>>> have begun to behave strangely and when I went to check up on them
>>> to see if I could find anything wrong I noticed that on each of
>>> them the original user account (type = Administrator) has been
>>> changed to type = debugger; user.
>>>
>>> I haven't seen this before, does anyone know why this happened or
>>> what this user type = debugger means?
>>>
>>> Thanks
 

Blondie

Distinguished
Aug 12, 2004
22
0
18,510
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I found MDM.EXE on both systems with the 'debugger' user type.

The properties for MDM.EXE indicate that it is part of Visual Studio .NET
Version 7.00.9466

I think this module must have been installed as part of MS Office 2003 Pro
(OEM Version). I installed 3 copies of this software, and just now checked
the 3rd PC ... it also has this module, and now has 'debugger' user type for
the local & Domain UserID ( Administrator Group ) I don't know for how long
this user type has been present on the 3rd PC ... there have been no strange
problems reported from this 3rd PC though.

I guess that the presense of user type = debugger it is not a problem, and
may be a benefit to have this module in the system.

I will have to look elsewhere to understand the reasons for the strange
behaviour of two of these PCs.

PS ... I looked for information about 'user type = debugger' on the
Knowledge Base and could not find anything that seemed relevant ... the
article you referenced provides much better information than I was able to
find on my own.

Thanks!


"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:%23XFZuSMIFHA.904@tk2msftngp13.phx.gbl...
> mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.
>
> See if Mdm.exe (Machine Debug Manager) exists. It comes with a bunch of
> MS
> programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.
>
> [[As a security enhancement, users who do not belong to the Administrators
> group or to the Debugger Users group will not be able to debug scripts
> with
> the Microsoft Script Editor.
> By default, the only member of the Debugger Users group is the
> Administrator
> who installed the application. ]]
> Users must belong to the Administrators group or to the Debugger Users
> group
> to use the Script Editor component in Office 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;891962
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
> Blondie <nobody@nowhere.org> hunted and pecked:
>> I looked at these two PCs again today.
>>
>> One of them was only installed about 3 days before this 'problem' was
>> noticed.
>>
>> I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
>> handful user applications.
>> NO development applications of any kind have been installed.
>>
>> First one that acquired the 'debugger' status was installed about 2
>> months ago, we noticed the problem after 'joining' the SBS Domain
>> about 3 weeks ago. The PC started to complain that there was no
>> default mail application to send the message requested by a program,
>> the day after joining the domain ... nobody knew anything about any
>> program that could be expected to be sending a message. That is the
>> first time we noticed the User type = debugger.
>>
>> The second PC was installed last week, WinXP Pro, Office 2003 Pro ...
>> a few user applications, no development programs ... the user type =
>> debugger was not present in the system when I turned it over to it's
>> new owner.
>>
>> The next day the user installed Trend Micro PcCillin 2002 and it was
>> unable to update itself ... so, another customer call was scheduled
>> ... 3 days after it was installed it's two local Administrator
>> accounts had acquired the 'debugger' status. The user had installed
>> 3 programs:
>>
>> 1) Adobe Reader 7
>> 2) Ad-Aware SE
>> 3) DocuPrinterLT
>>
>> The only one on this list that is common with the other PC with the
>> 'debugger' User type is Adobe Reader 7.
>>
>> I removed the PcCillin installation that was unable to update itself
>> (persistent error code 47 ... means corrupt downloaded virus
>> signature file) and replaced it with Trend Micro Internet Security
>> 2005 (which did update itself) ... ran a complete system scan, found
>> nothing.
>>
>> I am concerned that this user type = debugger 'materialized' without
>> any understandable reason, but this by itself does not seem to be
>> causing a problem ... I wonder if it is a symptom of something wrong
>> though?
>>
>> I wonder what else changed and why?
>>
>>
>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>> news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
>>> I don't know why. Did you install .NET, Visual Studio or something?
>>>
>>> [[Debugger Users group enables you to remotely access debugging
>>> components on other machines.]]
>>>
>>> [[Debug programs
>>> Computer Configuration\Windows Settings\Security Settings\Local
>>> Policies\User Rights Assignment
>>>
>>> Description
>>> Determines which users can attach a debugger to any process. This
>>> privilege
>>> provides powerful access to sensitive and critical operating system
>>> components.
>>>
>>> This user right is defined in the Default Domain Controller Group
>>> Policy object (GPO) and in the local security policy of workstations
>>> and servers.
>>>
>>> By default, only administrators and LocalSystem accounts have the
>>> privileges
>>> to debug programs.]]
>>>
>>> --
>>> Hope this helps. Let us know.
>>>
>>> Wes
>>> MS-MVP Windows Shell/User
>>>
>>> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
>>> Blondie <nobody@nowhere.org> hunted and pecked:
>>>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
>>>> have begun to behave strangely and when I went to check up on them
>>>> to see if I could find anything wrong I noticed that on each of
>>>> them the original user account (type = Administrator) has been
>>>> changed to type = debugger; user.
>>>>
>>>> I haven't seen this before, does anyone know why this happened or
>>>> what this user type = debugger means?
>>>>
>>>> Thanks
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here's some additional info on mdm.exe...

[[The Machine Debug Manager runs as a service and is loaded when your
computer starts. If you do not use your computer for debugging purposes, you
can safely turn off the Machine Debug Manager.]]

How to turn off Machine Debug Manager in Office XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;321410

Machine Debug Manager Service
http://www.theeldergeek.com/machine_debug_manager.htm

[[Filename: mdm.exe
Program Title: Machine Debug Manager
Comments: Used by developers for debugging. Those who have encountered it
have unchecked it with no degradation in performance. May cause your
computer to "hang" if you have MS Visual Studio
installed and this disabled because it appears to take over error handling -
hence the U recommendatioon. Can also be listed as MDM7. ]]
http://www.windowsstartup.com/wso/detail.php?id=1515

OFF2000: Files Whose Name Begins with "fff" Appear in Windows Folder
;221438]http://support.microsoft.com/default.aspx?scid=kb;[LN];221438

Machine Debug Manager
http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&query=Machine+Debug+Manager&x=10&y=9

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%23vZhBxZIFHA.2936@TK2MSFTNGP15.phx.gbl,
Blondie <nobody@nowhere.org> hunted and pecked:
> I found MDM.EXE on both systems with the 'debugger' user type.
>
> The properties for MDM.EXE indicate that it is part of Visual Studio
> .NET Version 7.00.9466
>
> I think this module must have been installed as part of MS Office
> 2003 Pro (OEM Version). I installed 3 copies of this software, and
> just now checked the 3rd PC ... it also has this module, and now has
> 'debugger' user type for the local & Domain UserID ( Administrator
> Group ) I don't know for how long this user type has been present on
> the 3rd PC ... there have been no strange problems reported from this
> 3rd PC though.
>
> I guess that the presense of user type = debugger it is not a
> problem, and may be a benefit to have this module in the system.
>
> I will have to look elsewhere to understand the reasons for the
> strange behaviour of two of these PCs.
>
> PS ... I looked for information about 'user type = debugger' on the
> Knowledge Base and could not find anything that seemed relevant ...
> the article you referenced provides much better information than I
> was able to find on my own.
>
> Thanks!
>
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:%23XFZuSMIFHA.904@tk2msftngp13.phx.gbl...
>> mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.
>>
>> See if Mdm.exe (Machine Debug Manager) exists. It comes with a
>> bunch of MS
>> programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.
>>
>> [[As a security enhancement, users who do not belong to the
>> Administrators group or to the Debugger Users group will not be able
>> to debug scripts with
>> the Microsoft Script Editor.
>> By default, the only member of the Debugger Users group is the
>> Administrator
>> who installed the application. ]]
>> Users must belong to the Administrators group or to the Debugger
>> Users group
>> to use the Script Editor component in Office 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;891962
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
>> Blondie <nobody@nowhere.org> hunted and pecked:
>>> I looked at these two PCs again today.
>>>
>>> One of them was only installed about 3 days before this 'problem'
>>> was noticed.
>>>
>>> I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
>>> handful user applications.
>>> NO development applications of any kind have been installed.
>>>
>>> First one that acquired the 'debugger' status was installed about 2
>>> months ago, we noticed the problem after 'joining' the SBS Domain
>>> about 3 weeks ago. The PC started to complain that there was no
>>> default mail application to send the message requested by a program,
>>> the day after joining the domain ... nobody knew anything about any
>>> program that could be expected to be sending a message. That is the
>>> first time we noticed the User type = debugger.
>>>
>>> The second PC was installed last week, WinXP Pro, Office 2003 Pro
>>> ... a few user applications, no development programs ... the user
>>> type = debugger was not present in the system when I turned it over
>>> to it's new owner.
>>>
>>> The next day the user installed Trend Micro PcCillin 2002 and it was
>>> unable to update itself ... so, another customer call was scheduled
>>> ... 3 days after it was installed it's two local Administrator
>>> accounts had acquired the 'debugger' status. The user had installed
>>> 3 programs:
>>>
>>> 1) Adobe Reader 7
>>> 2) Ad-Aware SE
>>> 3) DocuPrinterLT
>>>
>>> The only one on this list that is common with the other PC with the
>>> 'debugger' User type is Adobe Reader 7.
>>>
>>> I removed the PcCillin installation that was unable to update itself
>>> (persistent error code 47 ... means corrupt downloaded virus
>>> signature file) and replaced it with Trend Micro Internet Security
>>> 2005 (which did update itself) ... ran a complete system scan, found
>>> nothing.
>>>
>>> I am concerned that this user type = debugger 'materialized' without
>>> any understandable reason, but this by itself does not seem to be
>>> causing a problem ... I wonder if it is a symptom of something wrong
>>> though?
>>>
>>> I wonder what else changed and why?
>>>
>>>
>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>> news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
>>>> I don't know why. Did you install .NET, Visual Studio or
>>>> something?
>>>>
>>>> [[Debugger Users group enables you to remotely access debugging
>>>> components on other machines.]]
>>>>
>>>> [[Debug programs
>>>> Computer Configuration\Windows Settings\Security Settings\Local
>>>> Policies\User Rights Assignment
>>>>
>>>> Description
>>>> Determines which users can attach a debugger to any process. This
>>>> privilege
>>>> provides powerful access to sensitive and critical operating system
>>>> components.
>>>>
>>>> This user right is defined in the Default Domain Controller Group
>>>> Policy object (GPO) and in the local security policy of
>>>> workstations and servers.
>>>>
>>>> By default, only administrators and LocalSystem accounts have the
>>>> privileges
>>>> to debug programs.]]
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
>>>> Blondie <nobody@nowhere.org> hunted and pecked:
>>>>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
>>>>> have begun to behave strangely and when I went to check up on them
>>>>> to see if I could find anything wrong I noticed that on each of
>>>>> them the original user account (type = Administrator) has been
>>>>> changed to type = debugger; user.
>>>>>
>>>>> I haven't seen this before, does anyone know why this happened or
>>>>> what this user type = debugger means?
>>>>>
>>>>> Thanks