Solved

Domain Controller 2012 R2

Posted on 2014-11-11
7
95 Views
Last Modified: 2014-11-11
Hey everyone I have a problem, can you help me solve.

A folder was created under my profile on the domain controller:  c:\users\gsmith\Desktop

It is a folder on the desktop when I log in.

It was a folder I did NOT create.


I am trying to find out how it got there.  
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.

Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?

Thanks
0
Comment
Question by:techgenious
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40435056
I don´t think you can track who have created that folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)
0
 

Author Comment

by:techgenious
ID: 40435086
do you know of any good 3rd party apps that can track actions like that?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40435165
It was created by the operating system.. this is normal behaviour
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40435172
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
0
 
LVL 17

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40435604
So, are you saying that the desktop folder itself was created when you logged on or that another folder was created on the desktop?

If you're talking about the Desktop folder itself:  as David pointed out in a earlier comment, that is created by the OS the first time you log on to a system.  The only way it's not created at logon is if there is a policy in place to redirect the Desktop folder to a network location.

If you're talking about a folder that placed on your desktop, any folder in C:\Users\Public\Desktop (which is a hidden folder by default) would also appear on your desktop even though your own desktop folder, C:\Users\gsmith\Desktop, doesn't have a copy of that folder.
0
 

Author Comment

by:techgenious
ID: 40435880
I am talking about someone put a folder on the desktop through my profile, which I did not do.

I am trying to find out who did this.

When I logged in under my name I saw this folder on my desktop, that I DID NOT create.

I am trying to find out who did it.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40436236
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.

Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab.  That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.

To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab.  Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab.  If it's someone other than you or the local admins group, then that's probably the person who created the folder.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my previous Experts Exchange Articles (http://www.experts-exchange.com/ARTH_1864316.html?arthOrderBy=3&arthSort=1#arth), most have featured Basic and Intermediate VMware Topics.  As a Virtualisation Consultant, we implement many different virtual…
Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question