[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Random created files on our DC

Posted on 2014-08-11
10
Medium Priority
?
117 Views
Last Modified: 2014-08-25
You can delete them but they come right back. I have no idea what they are. System has been scanned nothing detected. Windows 2003 domain controller. Doesn't serve any other purpose except as our file server, application server
asdfasdf.JPG
0
Comment
Question by:stlhost
10 Comments
 
LVL 14

Expert Comment

by:Brad Groux
ID: 40254101
Where on the DC are the files being created?
0
 
LVL 2

Author Comment

by:stlhost
ID: 40254107
Root folder of the C drive
0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 40254174
First, I'd open on in notepad for clues.
Second, I'd review all running processes.
Third, I'd probably try to use Resource monitor or the Sysinternals tool Process Monitor to figure out what process is writing them.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40255554
what is the path these files are getting created?

these type of folders are usually created at - \\domain.com\SYSVOL\domain.com\Policies which is nothing but your SYSVOL share on DC (& those folders contain your group policies).

those are coming back because your AD (frs) replication are copying then from diff DC.
those needs to be there in order to have GPOs work properly.
0
 
LVL 2

Author Comment

by:stlhost
ID: 40257227
If I open up the C drive in Windows Explorer I can see them. These are files, not folders. They have no extension on them and if I open them with notepad++ is garbled info.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40257396
Repeating:

Second, I'd review all running processes.
Third, I'd probably try to use Resource monitor or the Sysinternals tool Process Monitor to figure out what process is writing them.
0
 
LVL 2

Author Comment

by:stlhost
ID: 40257968
Process monitor doesn't show me anything any different than a normal 2003 domain controller would show that is what is baffling me. All the processes are normal, I'm not sidelining that option just that I haven't found anything yet. Thanks
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40260777
Are you sure you're using Process monitor and not Process explorer or task manager - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 40260779
Run it, then delete these files, then when they start appearing, stop it, filter on writes (you may have to filter out a lot of different things, and see what is creating them.
0
 
LVL 2

Author Comment

by:stlhost
ID: 40283584
Something to do with symantec submissions.idx. I was using Process monitor yes just haven't had time to sit thru it all and study it seemed to all look normal. But thanks for pointing me in the right direction
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Integration Management Part 2
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question