User account type changed to debugger (was Administrator)

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN have
begun to behave strangely and when I went to check up on them to see if I
could find anything wrong I noticed that on each of them the original user
account (type = Administrator) has been changed to type = debugger; user.

I haven't seen this before, does anyone know why this happened or what this
user type = debugger means?

Thanks
5 answers Last reply
More about user account type changed debugger administrator
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I don't know why. Did you install .NET, Visual Studio or something?

    [[Debugger Users group enables you to remotely access debugging components
    on other machines.]]

    [[Debug programs
    Computer Configuration\Windows Settings\Security Settings\Local
    Policies\User Rights Assignment

    Description
    Determines which users can attach a debugger to any process. This privilege
    provides powerful access to sensitive and critical operating system
    components.

    This user right is defined in the Default Domain Controller Group Policy
    object (GPO) and in the local security policy of workstations and servers.

    By default, only administrators and LocalSystem accounts have the privileges
    to debug programs.]]

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
    Blondie <nobody@nowhere.org> hunted and pecked:
    > Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
    > have begun to behave strangely and when I went to check up on them to
    > see if I could find anything wrong I noticed that on each of them the
    > original user account (type = Administrator) has been changed to type
    > = debugger; user.
    >
    > I haven't seen this before, does anyone know why this happened or
    > what this user type = debugger means?
    >
    > Thanks
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I looked at these two PCs again today.

    One of them was only installed about 3 days before this 'problem' was
    noticed.

    I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a handful
    user applications.
    NO development applications of any kind have been installed.

    First one that acquired the 'debugger' status was installed about 2 months
    ago, we noticed the problem after 'joining' the SBS Domain about 3 weeks
    ago. The PC started to complain that there was no default mail application
    to send the message requested by a program, the day after joining the domain
    .... nobody knew anything about any program that could be expected to be
    sending a message. That is the first time we noticed the User type =
    debugger.

    The second PC was installed last week, WinXP Pro, Office 2003 Pro ... a few
    user applications, no development programs ... the user type = debugger was
    not present in the system when I turned it over to it's new owner.

    The next day the user installed Trend Micro PcCillin 2002 and it was unable
    to update itself ... so, another customer call was scheduled ... 3 days
    after it was installed it's two local Administrator accounts had acquired
    the 'debugger' status. The user had installed 3 programs:

    1) Adobe Reader 7
    2) Ad-Aware SE
    3) DocuPrinterLT

    The only one on this list that is common with the other PC with the
    'debugger' User type is Adobe Reader 7.

    I removed the PcCillin installation that was unable to update itself
    (persistent error code 47 ... means corrupt downloaded virus signature file)
    and replaced it with Trend Micro Internet Security 2005 (which did update
    itself) ... ran a complete system scan, found nothing.

    I am concerned that this user type = debugger 'materialized' without any
    understandable reason, but this by itself does not seem to be causing a
    problem ... I wonder if it is a symptom of something wrong though?

    I wonder what else changed and why?


    "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
    >I don't know why. Did you install .NET, Visual Studio or something?
    >
    > [[Debugger Users group enables you to remotely access debugging components
    > on other machines.]]
    >
    > [[Debug programs
    > Computer Configuration\Windows Settings\Security Settings\Local
    > Policies\User Rights Assignment
    >
    > Description
    > Determines which users can attach a debugger to any process. This
    > privilege
    > provides powerful access to sensitive and critical operating system
    > components.
    >
    > This user right is defined in the Default Domain Controller Group Policy
    > object (GPO) and in the local security policy of workstations and servers.
    >
    > By default, only administrators and LocalSystem accounts have the
    > privileges
    > to debug programs.]]
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
    > Blondie <nobody@nowhere.org> hunted and pecked:
    >> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
    >> have begun to behave strangely and when I went to check up on them to
    >> see if I could find anything wrong I noticed that on each of them the
    >> original user account (type = Administrator) has been changed to type
    >> = debugger; user.
    >>
    >> I haven't seen this before, does anyone know why this happened or
    >> what this user type = debugger means?
    >>
    >> Thanks
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.

    See if Mdm.exe (Machine Debug Manager) exists. It comes with a bunch of MS
    programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.

    [[As a security enhancement, users who do not belong to the Administrators
    group or to the Debugger Users group will not be able to debug scripts with
    the Microsoft Script Editor.
    By default, the only member of the Debugger Users group is the Administrator
    who installed the application. ]]
    Users must belong to the Administrators group or to the Debugger Users group
    to use the Script Editor component in Office 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;891962

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
    Blondie <nobody@nowhere.org> hunted and pecked:
    > I looked at these two PCs again today.
    >
    > One of them was only installed about 3 days before this 'problem' was
    > noticed.
    >
    > I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
    > handful user applications.
    > NO development applications of any kind have been installed.
    >
    > First one that acquired the 'debugger' status was installed about 2
    > months ago, we noticed the problem after 'joining' the SBS Domain
    > about 3 weeks ago. The PC started to complain that there was no
    > default mail application to send the message requested by a program,
    > the day after joining the domain ... nobody knew anything about any
    > program that could be expected to be sending a message. That is the
    > first time we noticed the User type = debugger.
    >
    > The second PC was installed last week, WinXP Pro, Office 2003 Pro ...
    > a few user applications, no development programs ... the user type =
    > debugger was not present in the system when I turned it over to it's
    > new owner.
    >
    > The next day the user installed Trend Micro PcCillin 2002 and it was
    > unable to update itself ... so, another customer call was scheduled
    > ... 3 days after it was installed it's two local Administrator
    > accounts had acquired the 'debugger' status. The user had installed
    > 3 programs:
    >
    > 1) Adobe Reader 7
    > 2) Ad-Aware SE
    > 3) DocuPrinterLT
    >
    > The only one on this list that is common with the other PC with the
    > 'debugger' User type is Adobe Reader 7.
    >
    > I removed the PcCillin installation that was unable to update itself
    > (persistent error code 47 ... means corrupt downloaded virus
    > signature file) and replaced it with Trend Micro Internet Security
    > 2005 (which did update itself) ... ran a complete system scan, found
    > nothing.
    >
    > I am concerned that this user type = debugger 'materialized' without
    > any understandable reason, but this by itself does not seem to be
    > causing a problem ... I wonder if it is a symptom of something wrong
    > though?
    >
    > I wonder what else changed and why?
    >
    >
    > "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    > news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
    >> I don't know why. Did you install .NET, Visual Studio or something?
    >>
    >> [[Debugger Users group enables you to remotely access debugging
    >> components on other machines.]]
    >>
    >> [[Debug programs
    >> Computer Configuration\Windows Settings\Security Settings\Local
    >> Policies\User Rights Assignment
    >>
    >> Description
    >> Determines which users can attach a debugger to any process. This
    >> privilege
    >> provides powerful access to sensitive and critical operating system
    >> components.
    >>
    >> This user right is defined in the Default Domain Controller Group
    >> Policy object (GPO) and in the local security policy of workstations
    >> and servers.
    >>
    >> By default, only administrators and LocalSystem accounts have the
    >> privileges
    >> to debug programs.]]
    >>
    >> --
    >> Hope this helps. Let us know.
    >>
    >> Wes
    >> MS-MVP Windows Shell/User
    >>
    >> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
    >> Blondie <nobody@nowhere.org> hunted and pecked:
    >>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
    >>> have begun to behave strangely and when I went to check up on them
    >>> to see if I could find anything wrong I noticed that on each of
    >>> them the original user account (type = Administrator) has been
    >>> changed to type = debugger; user.
    >>>
    >>> I haven't seen this before, does anyone know why this happened or
    >>> what this user type = debugger means?
    >>>
    >>> Thanks
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I found MDM.EXE on both systems with the 'debugger' user type.

    The properties for MDM.EXE indicate that it is part of Visual Studio .NET
    Version 7.00.9466

    I think this module must have been installed as part of MS Office 2003 Pro
    (OEM Version). I installed 3 copies of this software, and just now checked
    the 3rd PC ... it also has this module, and now has 'debugger' user type for
    the local & Domain UserID ( Administrator Group ) I don't know for how long
    this user type has been present on the 3rd PC ... there have been no strange
    problems reported from this 3rd PC though.

    I guess that the presense of user type = debugger it is not a problem, and
    may be a benefit to have this module in the system.

    I will have to look elsewhere to understand the reasons for the strange
    behaviour of two of these PCs.

    PS ... I looked for information about 'user type = debugger' on the
    Knowledge Base and could not find anything that seemed relevant ... the
    article you referenced provides much better information than I was able to
    find on my own.

    Thanks!


    "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    news:%23XFZuSMIFHA.904@tk2msftngp13.phx.gbl...
    > mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.
    >
    > See if Mdm.exe (Machine Debug Manager) exists. It comes with a bunch of
    > MS
    > programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.
    >
    > [[As a security enhancement, users who do not belong to the Administrators
    > group or to the Debugger Users group will not be able to debug scripts
    > with
    > the Microsoft Script Editor.
    > By default, the only member of the Debugger Users group is the
    > Administrator
    > who installed the application. ]]
    > Users must belong to the Administrators group or to the Debugger Users
    > group
    > to use the Script Editor component in Office 2003
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;891962
    >
    > --
    > Hope this helps. Let us know.
    >
    > Wes
    > MS-MVP Windows Shell/User
    >
    > In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
    > Blondie <nobody@nowhere.org> hunted and pecked:
    >> I looked at these two PCs again today.
    >>
    >> One of them was only installed about 3 days before this 'problem' was
    >> noticed.
    >>
    >> I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
    >> handful user applications.
    >> NO development applications of any kind have been installed.
    >>
    >> First one that acquired the 'debugger' status was installed about 2
    >> months ago, we noticed the problem after 'joining' the SBS Domain
    >> about 3 weeks ago. The PC started to complain that there was no
    >> default mail application to send the message requested by a program,
    >> the day after joining the domain ... nobody knew anything about any
    >> program that could be expected to be sending a message. That is the
    >> first time we noticed the User type = debugger.
    >>
    >> The second PC was installed last week, WinXP Pro, Office 2003 Pro ...
    >> a few user applications, no development programs ... the user type =
    >> debugger was not present in the system when I turned it over to it's
    >> new owner.
    >>
    >> The next day the user installed Trend Micro PcCillin 2002 and it was
    >> unable to update itself ... so, another customer call was scheduled
    >> ... 3 days after it was installed it's two local Administrator
    >> accounts had acquired the 'debugger' status. The user had installed
    >> 3 programs:
    >>
    >> 1) Adobe Reader 7
    >> 2) Ad-Aware SE
    >> 3) DocuPrinterLT
    >>
    >> The only one on this list that is common with the other PC with the
    >> 'debugger' User type is Adobe Reader 7.
    >>
    >> I removed the PcCillin installation that was unable to update itself
    >> (persistent error code 47 ... means corrupt downloaded virus
    >> signature file) and replaced it with Trend Micro Internet Security
    >> 2005 (which did update itself) ... ran a complete system scan, found
    >> nothing.
    >>
    >> I am concerned that this user type = debugger 'materialized' without
    >> any understandable reason, but this by itself does not seem to be
    >> causing a problem ... I wonder if it is a symptom of something wrong
    >> though?
    >>
    >> I wonder what else changed and why?
    >>
    >>
    >> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    >> news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
    >>> I don't know why. Did you install .NET, Visual Studio or something?
    >>>
    >>> [[Debugger Users group enables you to remotely access debugging
    >>> components on other machines.]]
    >>>
    >>> [[Debug programs
    >>> Computer Configuration\Windows Settings\Security Settings\Local
    >>> Policies\User Rights Assignment
    >>>
    >>> Description
    >>> Determines which users can attach a debugger to any process. This
    >>> privilege
    >>> provides powerful access to sensitive and critical operating system
    >>> components.
    >>>
    >>> This user right is defined in the Default Domain Controller Group
    >>> Policy object (GPO) and in the local security policy of workstations
    >>> and servers.
    >>>
    >>> By default, only administrators and LocalSystem accounts have the
    >>> privileges
    >>> to debug programs.]]
    >>>
    >>> --
    >>> Hope this helps. Let us know.
    >>>
    >>> Wes
    >>> MS-MVP Windows Shell/User
    >>>
    >>> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
    >>> Blondie <nobody@nowhere.org> hunted and pecked:
    >>>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
    >>>> have begun to behave strangely and when I went to check up on them
    >>>> to see if I could find anything wrong I noticed that on each of
    >>>> them the original user account (type = Administrator) has been
    >>>> changed to type = debugger; user.
    >>>>
    >>>> I haven't seen this before, does anyone know why this happened or
    >>>> what this user type = debugger means?
    >>>>
    >>>> Thanks
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Here's some additional info on mdm.exe...

    [[The Machine Debug Manager runs as a service and is loaded when your
    computer starts. If you do not use your computer for debugging purposes, you
    can safely turn off the Machine Debug Manager.]]

    How to turn off Machine Debug Manager in Office XP
    http://support.microsoft.com/default.aspx?scid=kb;en-us;321410

    Machine Debug Manager Service
    http://www.theeldergeek.com/machine_debug_manager.htm

    [[Filename: mdm.exe
    Program Title: Machine Debug Manager
    Comments: Used by developers for debugging. Those who have encountered it
    have unchecked it with no degradation in performance. May cause your
    computer to "hang" if you have MS Visual Studio
    installed and this disabled because it appears to take over error handling -
    hence the U recommendatioon. Can also be listed as MDM7. ]]
    http://www.windowsstartup.com/wso/detail.php?id=1515

    OFF2000: Files Whose Name Begins with "fff" Appear in Windows Folder
    http://support.microsoft.com/default.aspx?scid=kb;[LN];221438

    Machine Debug Manager
    http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&query=Machine+Debug+Manager&x=10&y=9

    --
    Hope this helps. Let us know.

    Wes
    MS-MVP Windows Shell/User

    In news:%23vZhBxZIFHA.2936@TK2MSFTNGP15.phx.gbl,
    Blondie <nobody@nowhere.org> hunted and pecked:
    > I found MDM.EXE on both systems with the 'debugger' user type.
    >
    > The properties for MDM.EXE indicate that it is part of Visual Studio
    > .NET Version 7.00.9466
    >
    > I think this module must have been installed as part of MS Office
    > 2003 Pro (OEM Version). I installed 3 copies of this software, and
    > just now checked the 3rd PC ... it also has this module, and now has
    > 'debugger' user type for the local & Domain UserID ( Administrator
    > Group ) I don't know for how long this user type has been present on
    > the 3rd PC ... there have been no strange problems reported from this
    > 3rd PC though.
    >
    > I guess that the presense of user type = debugger it is not a
    > problem, and may be a benefit to have this module in the system.
    >
    > I will have to look elsewhere to understand the reasons for the
    > strange behaviour of two of these PCs.
    >
    > PS ... I looked for information about 'user type = debugger' on the
    > Knowledge Base and could not find anything that seemed relevant ...
    > the article you referenced provides much better information than I
    > was able to find on my own.
    >
    > Thanks!
    >
    >
    > "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    > news:%23XFZuSMIFHA.904@tk2msftngp13.phx.gbl...
    >> mdm.exe maybe? Microsoft .NET Framework 1.1? I'm guessing.
    >>
    >> See if Mdm.exe (Machine Debug Manager) exists. It comes with a
    >> bunch of MS
    >> programs. I.e. Microsoft .NET Framework 1.1, Microsoft Office 2003.
    >>
    >> [[As a security enhancement, users who do not belong to the
    >> Administrators group or to the Debugger Users group will not be able
    >> to debug scripts with
    >> the Microsoft Script Editor.
    >> By default, the only member of the Debugger Users group is the
    >> Administrator
    >> who installed the application. ]]
    >> Users must belong to the Administrators group or to the Debugger
    >> Users group
    >> to use the Script Editor component in Office 2003
    >> http://support.microsoft.com/default.aspx?scid=kb;en-us;891962
    >>
    >> --
    >> Hope this helps. Let us know.
    >>
    >> Wes
    >> MS-MVP Windows Shell/User
    >>
    >> In news:eC3XL1GIFHA.3500@TK2MSFTNGP14.phx.gbl,
    >> Blondie <nobody@nowhere.org> hunted and pecked:
    >>> I looked at these two PCs again today.
    >>>
    >>> One of them was only installed about 3 days before this 'problem'
    >>> was noticed.
    >>>
    >>> I installed both of these PCs ... WinXP Pro, Office 2003 Pro ... a
    >>> handful user applications.
    >>> NO development applications of any kind have been installed.
    >>>
    >>> First one that acquired the 'debugger' status was installed about 2
    >>> months ago, we noticed the problem after 'joining' the SBS Domain
    >>> about 3 weeks ago. The PC started to complain that there was no
    >>> default mail application to send the message requested by a program,
    >>> the day after joining the domain ... nobody knew anything about any
    >>> program that could be expected to be sending a message. That is the
    >>> first time we noticed the User type = debugger.
    >>>
    >>> The second PC was installed last week, WinXP Pro, Office 2003 Pro
    >>> ... a few user applications, no development programs ... the user
    >>> type = debugger was not present in the system when I turned it over
    >>> to it's new owner.
    >>>
    >>> The next day the user installed Trend Micro PcCillin 2002 and it was
    >>> unable to update itself ... so, another customer call was scheduled
    >>> ... 3 days after it was installed it's two local Administrator
    >>> accounts had acquired the 'debugger' status. The user had installed
    >>> 3 programs:
    >>>
    >>> 1) Adobe Reader 7
    >>> 2) Ad-Aware SE
    >>> 3) DocuPrinterLT
    >>>
    >>> The only one on this list that is common with the other PC with the
    >>> 'debugger' User type is Adobe Reader 7.
    >>>
    >>> I removed the PcCillin installation that was unable to update itself
    >>> (persistent error code 47 ... means corrupt downloaded virus
    >>> signature file) and replaced it with Trend Micro Internet Security
    >>> 2005 (which did update itself) ... ran a complete system scan, found
    >>> nothing.
    >>>
    >>> I am concerned that this user type = debugger 'materialized' without
    >>> any understandable reason, but this by itself does not seem to be
    >>> causing a problem ... I wonder if it is a symptom of something wrong
    >>> though?
    >>>
    >>> I wonder what else changed and why?
    >>>
    >>>
    >>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
    >>> news:%23OiyiZ5HFHA.2620@tk2msftngp13.phx.gbl...
    >>>> I don't know why. Did you install .NET, Visual Studio or
    >>>> something?
    >>>>
    >>>> [[Debugger Users group enables you to remotely access debugging
    >>>> components on other machines.]]
    >>>>
    >>>> [[Debug programs
    >>>> Computer Configuration\Windows Settings\Security Settings\Local
    >>>> Policies\User Rights Assignment
    >>>>
    >>>> Description
    >>>> Determines which users can attach a debugger to any process. This
    >>>> privilege
    >>>> provides powerful access to sensitive and critical operating system
    >>>> components.
    >>>>
    >>>> This user right is defined in the Default Domain Controller Group
    >>>> Policy object (GPO) and in the local security policy of
    >>>> workstations and servers.
    >>>>
    >>>> By default, only administrators and LocalSystem accounts have the
    >>>> privileges
    >>>> to debug programs.]]
    >>>>
    >>>> --
    >>>> Hope this helps. Let us know.
    >>>>
    >>>> Wes
    >>>> MS-MVP Windows Shell/User
    >>>>
    >>>> In news:%23Pqgj73HFHA.3776@tk2msftngp13.phx.gbl,
    >>>> Blondie <nobody@nowhere.org> hunted and pecked:
    >>>>> Just recently 2 out of 7 PCs (all Windows XP Pro) on the local LAN
    >>>>> have begun to behave strangely and when I went to check up on them
    >>>>> to see if I could find anything wrong I noticed that on each of
    >>>>> them the original user account (type = Administrator) has been
    >>>>> changed to type = debugger; user.
    >>>>>
    >>>>> I haven't seen this before, does anyone know why this happened or
    >>>>> what this user type = debugger means?
    >>>>>
    >>>>> Thanks
Ask a new question

Read More

Debugger Windows XP