# Check / Find PC access logs



## rose tamang (Apr 5, 2011)

Hey, dude!

My system is a part of domain network (windows server 2003) with limited privilege. I was away from my desktop for a month.

I have important files saved on my desktop. All the users (also an admin) have access to my system for log in.

How do I know that anyone played with my files and folders in my absence?

Is it in the event viewer?

One thing is strange to discover. Before a month I had no access to a user's profile folder and even an admin's folder. But after a month, I can open a user and an admin profile folder in my system. How come?


----------



## coolpcguy (Apr 5, 2011)

*Re: Grab the culprit!*



rose tamang said:


> Hey, dude!
> 
> How do I know that anyone played with my files and folders in my absence?


Probably check if the last modified date has been altered.



> Is it in the event viewer?


No.

One thing is strange to discover. 





> Before a month I had no access to a user's profile folder and even an admin's folder. But after a month, I can open a user and an admin profile folder in my system. How come?


Group policy settings might have been altered.


----------



## rose tamang (Apr 8, 2011)

How to identify a user played with my PC during my absence?
Has he inserted a flash or external drive into my system?
Has he copied any of the files from my system?
Has he stolen any of my valuable information from my system?


----------



## nims11 (Apr 8, 2011)

^^ u should have installed a logger software(like ESP+) before going away if you suspected someone to play with your desktop in your absence. 



rose tamang said:


> Has he inserted a flash or external drive into my system?



use this software to view all the USB devices ever connected to your computer. you can also view the date when it was first connected(ie, the day its driver was installed).
*www.nirsoft.net/utils/usbdeview.zip

for other questions, i don't have any idea.


----------

