VMware Cloud Community
adminatater
Contributor

Messed Up AD Accounts Now Only Have Read Permission in vSphere

Problem: AD accounts now have read only permission after logging into vSphere (using AD accounts).

Cause: Attempted to create a non-AD account that could log into vSphere with only read permissions.

  1. Created a user account on the server where vSphere was installed.
  2. Logged into vSphere with my AD account, went to the permissions tab (datacenter level).
  3. Right-clicked and added a new user, selected the locally created account and assigned read only permissions.
  4. Logged into vSphere with the local account, verified read only permissions.
  5. Logged back into vSphere with my AD account... now it too has read only permissions!?  Even though I never applied read only to my account.
  6. Looking at the permission tab, it appears the read-only permission is being applied to ALL accounts (not sure how I messed that up).

Good News:

  • If I bypass vSphere and log into each hypervisor directly with the root account, I have admin privileges. :)

VMware Environment:

  • Hypervisors are ESXi 4.1 (no ESX hypervisors)
  • vSphere 4.1 Update 1 is installed on a Windows 2k8 server
  • vSphere 4.1 Update 1 is using a MS SQL 2008 standard DB (which I have full access to)

We've never configured any permissions before for vSphere logins.  Once vSphere was installed way back when, we've always just accessed it with our AD accounts (never set any permissions/groups).   I don't suppose there is a way to remove this vSphere read only permission that's applying to everything?

0 Kudos

Accepted Solutions
AureusStone
Expert

This is a strange one.  You seem to have done everything correctly.  It may be a strange bug.  Could you attach a screenshot if you don't mind?

Don't panic about the problem.  It is an easy fix.

You will need to make changes to your database.  I wouldn't touch a database without a backup, so you have been warned.

Just to be safe, shut down vCenter while you are modifying the DB.

There should be a table called "VPX_ACCESS".  You need to change the ROLE_ID of your administrator account from -2 to -1. And I believe ENTITY_ID should be 1.

Easy. :)

0 Kudos
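
The database change described in the answer above, written out as T-SQL for the MS SQL 2008 database mentioned in the question. This is an added example, not part of the original posts: the `PRINCIPAL` column name, the copy-table name `VPX_ACCESS_COPY_EXAMPLE` and the account `EXAMPLE\youradmin` are assumptions and placeholders, while the table name and the `ROLE_ID` / `ENTITY_ID` values come from the answer.

```sql
-- Added example (T-SQL). Run against the vCenter database with the vCenter
-- service stopped and a full database backup already taken, as the answer advises.
-- Assumption: VPX_ACCESS has a PRINCIPAL column holding the user or group name.
-- Placeholder: 'EXAMPLE\youradmin' stands for your own administrator account.

-- 1. Inspect every permission row before changing anything.
--    Confirm which row belongs to your administrator account and that its
--    ROLE_ID is -2 and its ENTITY_ID is 1, as the answer expects.
SELECT *
FROM VPX_ACCESS
ORDER BY ENTITY_ID;

-- 2. Keep an in-database copy of the table so the original rows can be compared
--    or restored without a full database restore.
SELECT *
INTO VPX_ACCESS_COPY_EXAMPLE
FROM VPX_ACCESS;

-- 3. Make the change inside a transaction and commit only if exactly one row
--    was touched. A missing or over-broad WHERE clause here would rewrite the
--    role of every principal in vCenter.
BEGIN TRANSACTION;

UPDATE VPX_ACCESS
SET ROLE_ID = -1                       -- value the answer says to change to
WHERE PRINCIPAL = 'EXAMPLE\youradmin'  -- placeholder account
  AND ROLE_ID   = -2                   -- value the answer says to change from
  AND ENTITY_ID = 1;                   -- entity the answer believes applies

IF @@ROWCOUNT = 1
BEGIN
    COMMIT TRANSACTION;
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one matching row; nothing was changed.', 16, 1);
END;

-- 4. Verify the result before starting vCenter again.
SELECT *
FROM VPX_ACCESS
WHERE PRINCIPAL = 'EXAMPLE\youradmin';
```

If step 3 rolls back, compare the output of step 1 with the three filter values rather than loosening the `WHERE` clause.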
adminatater
Contributor

You saved my bacon, thank you!  ;)

0 Kudos