I later discovered some of the backstory. This incident was the last in an ongoing disagreement between the network admin and the IT manager. The network administrator was a holdover from the previous IT manager's staff -- a NetWare proponent fighting a rearguard battle against the well-established Windows networking infrastructure. The admin had begrudgingly added and configured Active Directory on the network, but had made it a very low priority and had failed to follow best practices regarding access control and security in general.
It's a typical security mantra, but worth repeating: If the data can be seen, it can be stolen. Just because a company's network has never been compromised doesn't mean it never will be. All sensitive data needs to be secured, both at the perimeter and internally, and it is worth having a second person double-check to make sure all is safe.
This story, "An IT contractor discovers too much company information," was originally published at InfoWorld.com.