Please click the link below for your operating system to download the TSG SysInfo Utility. Click on "Save File" then double-click the file to run it. Copy and paste the report in your initial post. Windows 7 and later (downloads a file named tsginfo.exe) | Windows XP (downloads a file named SysInfo.exe)

C: User Profiles

1090 Views 6 Replies 3 Participants Last post by lunarlander, Oct 7, 2016

yora

Discussion Starter · Oct 5, 2016

Hello--

I work for a large company, and today access my C:Users folder, to find a folder with a username of someone who has not physically used my computer to sign-in via Windows. Is it possible this user remote-accessed my computer? Or why would there by a folder in C:Users with their username attributed to it? Furthermore, is there any way to tell which applications or files they accessed? Thank you for any help and insight you can provide - I greatly appreciate it! Yora

Save

Status: Not open for further replies.

1 - 7 of 7 Posts

lunarlander

· #2 · Oct 5, 2016

Yes, it is possible that that user remotely accessed the computer . But to see which files he accessed would require previously setting up auditing on specific files, so that it generates an audit log entry when that file is accessed. I would contact your company's IT Security department to look into this.

Save

yora

Discussion Starter · #3 · Oct 5, 2016

Thank you so much for your help, lunarlander! That is very helpful. Is there any other reason his username may be showing up in my Users folder? (i.e., he would have had to login either physically or remotely? or is there some other possibility?)

Save

lunarlander

· #4 · Oct 5, 2016

There is no other possibility, the profile is generated by Windows when a user signs in. Of course, someone can copy the profile directory from a USB memory stick and place it under C:\users, but that accomplishes nothing, because Windows has to generate it in order to be useful.

Save

yora

Discussion Starter · #5 · Oct 5, 2016

Thank you. That was what I suspected/feared. I will definitely take this to my IT security team tomorrow to dig into what security may have been breached. You rock!

Save

DaveA

· #6 · Oct 6, 2016

Is there an account with this users name?

Before one can log in one must have an account made on that machine.

Save

lunarlander

· #7 · Oct 7, 2016

The Users folder needs admin privileges to write to. So whoever created the folder has reached admin or system.

Save

1 - 7 of 7 Posts

Status: Not open for further replies.

Top Contributors this Month