Domain Controller 2012 R2
Hey everyone I have a problem, can you help me solve.
A folder was created under my profile on the domain controller: c:\users\gsmith\Desktop
It is a folder on the desktop when I log in.
It was a folder I did NOT create.
I am trying to find out how it got there.
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.
Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?
Thanks
A folder was created under my profile on the domain controller: c:\users\gsmith\Desktop
It is a folder on the desktop when I log in.
It was a folder I did NOT create.
I am trying to find out how it got there.
The events logs [security] do not go back to that date.
Right click > on the folder and it gives the date/time created & permissions.
Is there any tools, or any logs on the DC, I can check to see who created this folder on that particular date & time?
Thanks
ASKER
do you know of any good 3rd party apps that can track actions like that?
It was created by the operating system.. this is normal behaviour
Also one cannot track changes made in the past, only changes in the future can be tracked once the settings to track have been applied.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am talking about someone put a folder on the desktop through my profile, which I did not do.
I am trying to find out who did this.
When I logged in under my name I saw this folder on my desktop, that I DID NOT create.
I am trying to find out who did it.
I am trying to find out who did this.
When I logged in under my name I saw this folder on my desktop, that I DID NOT create.
I am trying to find out who did it.
As someone else pointed out, it's hard to tell who did it after the fact because Windows doesn't log that sort of activity by default.
Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab. That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.
To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab. Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab. If it's someone other than you or the local admins group, then that's probably the person who created the folder.
Sometimes, if the permissions are loose enough, and the person isn't an admin, you can figure who created the folder by looking at the Security tab. That's because when a non-admin user creates a folder in a folder where they don't have full rights, they don't have the rights to set the admins group as the owner of the folder, so they will be listed as the "owner" of that folder.
To see if the permissions of that folder are funky, check the folder properties then, click on the "Advanced" button on the Security tab. Once in Advanced Security Settings, check to see how the owner is by clicking on the Owner tab. If it's someone other than you or the local admins group, then that's probably the person who created the folder.
It could be any user who just accessed your desktop folder and created it. As I know windows does not store and track such actions by default (without some 3th party app)