Not sure what was done on your system by TAC but it shouldn't be letting just anyone get to the SA!
When you hit the SAWeb page we get the token of the user logged in from NT - if you're not logged into the domain IIS prompts you using CHAPS for your login name, domain, pw. We look that SID up and see if you're a subscriber on the system, if you are, we see if your Class of Service in Unity allows SA access or not. If it does, you're in. If not, we then go check the SID History table which can be mapped with GrantUnityAccess... if your SID is in this table and it corresponds to a local subscriber with SA access, you're also in.
If those fail, you can't gain access to the SA.
My best guess is you have everyone assigned to an administration Class of Service - either that or someone went a little wild with the GrantUnityAccess tool, however I doubt that...