Why would IIS user connected as another user to that which they used to login to Windows

I am using Windows Authentication on a website / WCF service. In WCF I am u开发者_StackOverflow社区sing HttpContext.Current.User.Identity.Name to do some authorization.

2 users out of 50 seem to be hitting IIS under a different security context to that which they are logged into Windows. In both cases they are "Domain\Administrator" instead of their real "Domain\User" account.

It isn't WCF specific or anything to do with my WCF client code, as after the problem arose I asked the 2 users to hit a simple html page in their browser, and the IIS logs show them connecting as Administrator as well.

Aside from getting them to reboot and watching them type in their Windows logins to be sure, I checked that their browsers weren't set to 'Run as Administrator', which is an option if you look at the properties of the IE link (shortcut tab-> Advanced button) (not the internet options).

If the users have UAC turned off and are in the local Administrators group then IE will no longer run in sandbox mode (even if you don't choose 'Run as Adminstrator' on the shortcut) and will run in the Administrator user context. Check the UAC settings to see if they are disabled.