Solved

Domain Controller 2012 R2

Posted on 2014-11-11
7
96 Views
Last Modified: 2014-11-11
Hey everyone I have a problem, can you help me solve.

A folder was created under my profile on the domain controller:  c:\users\gsmith\Desktop

It is a folder on the desktop when I log in.

It was a folder I did NOT create.


I am trying to find out how it got there.  
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.

Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?

Thanks
0
Comment
Question by:techgenious
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40435056
I don´t think you can track who have created that folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)
0
 

Author Comment

by:techgenious
ID: 40435086
do you know of any good 3rd party apps that can track actions like that?
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40435165
It was created by the operating system.. this is normal behaviour
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40435172
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
0
 
LVL 17

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40435604
So, are you saying that the desktop folder itself was created when you logged on or that another folder was created on the desktop?

If you're talking about the Desktop folder itself:  as David pointed out in a earlier comment, that is created by the OS the first time you log on to a system.  The only way it's not created at logon is if there is a policy in place to redirect the Desktop folder to a network location.

If you're talking about a folder that placed on your desktop, any folder in C:\Users\Public\Desktop (which is a hidden folder by default) would also appear on your desktop even though your own desktop folder, C:\Users\gsmith\Desktop, doesn't have a copy of that folder.
0
 

Author Comment

by:techgenious
ID: 40435880
I am talking about someone put a folder on the desktop through my profile, which I did not do.

I am trying to find out who did this.

When I logged in under my name I saw this folder on my desktop, that I DID NOT create.

I am trying to find out who did it.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40436236
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.

Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab.  That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.

To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab.  Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab.  If it's someone other than you or the local admins group, then that's probably the person who created the folder.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question