• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 192
  • Last Modified:

Someone logged me off how can i find who and did what


I had Ctrl Alt Del my machine and out of office.Some one restarted my machine and logged in as the Domain Administrator and logged of the system.I want to find what they did after logging in to my machine.
Did they delete any file ,Copy,Move,Editted any files etc.Is there  a way to find this.

  • 2
2 Solutions
you can find out who did log you out from the security log in the event viewer or computer management.

however for the files, if auditing is enabled and group policy has been enabled for "Audit Object access", then only you can find out what files have changed...

else try to find out the modified files by date/time

I think we have beaten this up pretty bad ealrlier...

If you had enabled Files Access Audits on your NTFS drives, you can find out.. what files were accessed..

If not.. i dont see a better way!
by default auditing is disabled.

for enabling it, you need to set auditing on the folders you want to monitor. Secondly you need to enable auditing from the group policy.

after enabling this, events are logged in the event viewer if any changes are made to the files/folders...

also, you can choose what events to log like read/delete...etc.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now