Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain Controller 2012 R2

Posted on 2014-11-11
7
Medium Priority
?
111 Views
Last Modified: 2014-11-11
Hey everyone I have a problem, can you help me solve.

A folder was created under my profile on the domain controller:  c:\users\gsmith\Desktop

It is a folder on the desktop when I log in.

It was a folder I did NOT create.


I am trying to find out how it got there.  
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.

Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?

Thanks
0
Comment
Question by:techgenious
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:helpfinder
ID: 40435056
I don´t think you can track who have created that folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)
0
 

Author Comment

by:techgenious
ID: 40435086
do you know of any good 3rd party apps that can track actions like that?
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40435165
It was created by the operating system.. this is normal behaviour
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40435172
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
0
 
LVL 17

Accepted Solution

by:
Spike99 earned 2000 total points
ID: 40435604
So, are you saying that the desktop folder itself was created when you logged on or that another folder was created on the desktop?

If you're talking about the Desktop folder itself:  as David pointed out in a earlier comment, that is created by the OS the first time you log on to a system.  The only way it's not created at logon is if there is a policy in place to redirect the Desktop folder to a network location.

If you're talking about a folder that placed on your desktop, any folder in C:\Users\Public\Desktop (which is a hidden folder by default) would also appear on your desktop even though your own desktop folder, C:\Users\gsmith\Desktop, doesn't have a copy of that folder.
0
 

Author Comment

by:techgenious
ID: 40435880
I am talking about someone put a folder on the desktop through my profile, which I did not do.

I am trying to find out who did this.

When I logged in under my name I saw this folder on my desktop, that I DID NOT create.

I am trying to find out who did it.
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40436236
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.

Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab.  That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.

To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab.  Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab.  If it's someone other than you or the local admins group, then that's probably the person who created the folder.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
Resolve DNS query failed errors for Exchange
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question