strange security role issue

I have a (development) website, where I have used role based security, and a sitemap with SecurityTrimingEnabled as True. In this situation, I have sections of the site which are accessible or not, depending on the role a user is in.

I use the create user wizard to allow an internet visitor to create a user account. The wizard works fine, but how can I put an extra little task into the wizard's process? I'd like the wizard to send the administrator an email, to alert that there is a new user, who needs to have the role set. (I can handle the email part, but I don't know where to call this extra task, within the wizard's sequence) This is the first part of the question.

The second part, is that I've noticed a strange behavior in the role that a newly created user gets. When I view the new user roles in the Web Site Administration tool, it says that the user does not belong to any roles. This is what I expect. However, when I log in as that new user (with no roles) I find that I have access to the whole navigation tree. Since securitytriming is enabled, I should only be able to see areas of the site that are visible to all. Instead, I can see areas that are normally only visible to the administrator role users. This is obviously very bad!

How can I ensure the role that new users get when the wizard creates the user? Is there a step needed to define their role, or why is their unset role allowing them to see administrator content?


.