<div>
Truning on auditing may help. &nbsp;But at this point its too late - auditing needs to be turned on prior. &nbsp;Turn auditing on - on the folder
</div>


<div>
<div class="content wysiwyg-content">
We have an issue where autorun.inf files keep appearing on the root of our network shares. &nbsp;I'm pretty sure this is caused by spyware infection but the file properties only reveal the date it was created, but nothing else useful. &nbsp;How can I determine which user/computer is the source?
</div>
</div>


We have an issue where autorun.inf files keep appearing on the root of our network shares.  I'm pretty sure this is caused by spyware infection but the file properties only reveal the date it was created, but nothing else useful.  How can I determine which user/computer is the source?

How to determine where a file came from?

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).