Solved

Domain Controller 2012 R2

Posted on 2014-11-11
7
94 Views
Last Modified: 2014-11-11
Hey everyone I have a problem, can you help me solve.

A folder was created under my profile on the domain controller:  c:\users\gsmith\Desktop

It is a folder on the desktop when I log in.

It was a folder I did NOT create.


I am trying to find out how it got there.  
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.

Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?

Thanks
0
Comment
Question by:techgenious
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40435056
I don´t think you can track who have created that folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)
0
 

Author Comment

by:techgenious
ID: 40435086
do you know of any good 3rd party apps that can track actions like that?
0
 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40435165
It was created by the operating system.. this is normal behaviour
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40435172
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
0
 
LVL 16

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40435604
So, are you saying that the desktop folder itself was created when you logged on or that another folder was created on the desktop?

If you're talking about the Desktop folder itself:  as David pointed out in a earlier comment, that is created by the OS the first time you log on to a system.  The only way it's not created at logon is if there is a policy in place to redirect the Desktop folder to a network location.

If you're talking about a folder that placed on your desktop, any folder in C:\Users\Public\Desktop (which is a hidden folder by default) would also appear on your desktop even though your own desktop folder, C:\Users\gsmith\Desktop, doesn't have a copy of that folder.
0
 

Author Comment

by:techgenious
ID: 40435880
I am talking about someone put a folder on the desktop through my profile, which I did not do.

I am trying to find out who did this.

When I logged in under my name I saw this folder on my desktop, that I DID NOT create.

I am trying to find out who did it.
0
 
LVL 16

Expert Comment

by:Spike99
ID: 40436236
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.

Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab.  That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.

To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab.  Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab.  If it's someone other than you or the local admins group, then that's probably the person who created the folder.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question