Solved

Domain Controller 2012 R2

Posted on 2014-11-11
7
102 Views
Last Modified: 2014-11-11
Hey everyone I have a problem, can you help me solve.

A folder was created under my profile on the domain controller:  c:\users\gsmith\Desktop

It is a folder on the desktop when I log in.

It was a folder I did NOT create.


I am trying to find out how it got there.  
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.

Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?

Thanks
0
Comment
Question by:techgenious
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40435056
I don´t think you can track who have created that folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)
0
 

Author Comment

by:techgenious
ID: 40435086
do you know of any good 3rd party apps that can track actions like that?
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40435165
It was created by the operating system.. this is normal behaviour
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40435172
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
0
 
LVL 17

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40435604
So, are you saying that the desktop folder itself was created when you logged on or that another folder was created on the desktop?

If you're talking about the Desktop folder itself:  as David pointed out in a earlier comment, that is created by the OS the first time you log on to a system.  The only way it's not created at logon is if there is a policy in place to redirect the Desktop folder to a network location.

If you're talking about a folder that placed on your desktop, any folder in C:\Users\Public\Desktop (which is a hidden folder by default) would also appear on your desktop even though your own desktop folder, C:\Users\gsmith\Desktop, doesn't have a copy of that folder.
0
 

Author Comment

by:techgenious
ID: 40435880
I am talking about someone put a folder on the desktop through my profile, which I did not do.

I am trying to find out who did this.

When I logged in under my name I saw this folder on my desktop, that I DID NOT create.

I am trying to find out who did it.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40436236
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.

Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab.  That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.

To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab.  Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab.  If it's someone other than you or the local admins group, then that's probably the person who created the folder.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question