it sounds like all of the systems have been setup with the same user name and password. My guess is the user name they are using is “administrator”. For example, If you have a local user account on both computers “XPCOMP01” and “XPCOMP02” called “administrator” with a password of “p@ssw0rd” each computer will have access to the others shares through the network. You can change the local administrators account name to something they will not know. This can be done very easy through group policys. I would change it on the domain controller and all of the workstations. This would force everyone to use their assigned domain user accounts. Then create a fake account called administrator that you have disabled and use it for security logging to see who is still trying to access the account.