Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mysterious user profile on server 1

Status
Not open for further replies.
bookouri

bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
I have an AD domain with a 2003 member server that is used for misc file storage mostly. Its not a dc or exchange server or web server or anything special. Doing regular maintenance I noticed that there was a user profile created on the server that has no business being there. The profile is an active regular user who does not have any access to this server. The server is in a locked server room and this user doesn't even work in this physical facility but across town in another building. I looks like what i would have expected if a user managed to walk into the server room and log on to the server using their creditials, but this user has never been here. The only thing i could think of was that the user had stumbled across Remote Desktop and tried to log on to the server for some reason, bored, killing time or whatever. But I tested this with a test user, and since the user has no admin access remote desktop kicks them out as you would expect, and it does not try to create a user profile on the machine. I can't figure out any way to re-create this situation so I don't know what is going on.

Can anybody give me any idea how a non-admin user profile could have been created on a 2003 server without the user having physical access to the server? What remote event could have triggered creation of a user profile on this server?

thanks for any suggestions

 
Sort by date Sort by votes
I don't know of logical and technical reason why that would happen.

Best to look at the folder creation date of the user profile and then
A) ask the user if they did anything different that day.
B) ask other IT people including your boss if they've been doing anything.

Maybe this is a test of your ability to notice things.................
Best to report it even if you don't have a cause.
 
Upvote 0 Downvote
Yep, already did all those and have no explanation so far. I know the date and time and that the user WAS logged on to his local machine that day about that time. So its still a mystery.



 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
357
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
426
Aquiles Vidal
Aquiles Vidal
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
460
DrB0b
DrB0b
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
537
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
358
antonio_dsanchez
antonio_dsanchez

Part and Inventory Search

Sponsor

Back
Top