We have a Win Server 2008 AD/DS environment. One of my clients believes someone is logging into his computer. I checked the Security Event Viewer, and sure enough, I am seeing multiple entries where other AD user accounts are logging into the machine.
However, I would think that if they are, it would create a Windows profile, even if it were a Remote Desktop session, but there is none showing in the C:\Users\ folder. I do not understand why this is happening. Here is an example of what I am seeing. Would appreciate someone's help. I have searched around, but all I can find out is that the code is referencing an authenticated login. The example below is an AD account that is not the primary user on the machine, and there is no user account profile folder created.
An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain:-
Logon ID: 0x0
Logon Type:3
New Logon:
Security ID: S-1-5-21-1251593346-2599328327-789591870-1132
Account Name: djacobs
Account Domain:MLI
Logon ID: 0x88c8cab
Logon GUID: {2D85B108-C42E-909A-AF80-B32EA33745A4}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name:
Source Network Address:192.168.0.189
Source Port: 61033
Detailed Authentication Information:
Logon Process:Kerberos
Authentication Package:Kerberos
Transited Services:-
Package Name (NTLM only):-
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Se
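
An added example, not part of the original post: a Python sketch that parses the message text of a 4624 event like the one above, keeps the repeated Subject and New Logon fields apart, and names the logon type. Type 3 is a network logon (for example access to a file share), which opens no desktop session on the machine; the function names and the abridged sample text are assumptions of this example.

```python
# Logon type codes for event 4624 -> (name, interactive desktop session?)
LOGON_TYPES = {2: ("Interactive", True), 3: ("Network", False),
               4: ("Batch", False), 5: ("Service", False), 7: ("Unlock", True),
               8: ("NetworkCleartext", False), 9: ("NewCredentials", False),
               10: ("RemoteInteractive", True), 11: ("CachedInteractive", True)}
SECTIONS = {"Subject", "New Logon", "Process Information",
            "Network Information", "Detailed Authentication Information"}

# Fields taken from the event in the post above (abridged, spacing as posted).
SAMPLE = """An account was successfully logged on.
Subject:
Account Name: -
Account Domain:-
Logon Type:3
New Logon:
Account Name: djacobs
Account Domain:MLI
Network Information:
Workstation Name:
Source Network Address:192.168.0.189
Detailed Authentication Information:
Authentication Package:Kerberos
"""

def parse_4624(message):
    """Return {section: {field: value}} plus a top-level 'Logon Type'."""
    event, section = {}, None
    for line in message.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue  # free text such as the first line
        if key in SECTIONS and not value:
            section = key
            event[section] = {}  # same field names repeat per section
        elif key == "Logon Type":
            event[key] = int(value)
        elif section:
            event[section][key] = value
    return event

def summarize(message):
    """Reduce one event to who logged on, from where, and how."""
    ev = parse_4624(message)
    name, interactive = LOGON_TYPES.get(ev["Logon Type"], ("Unknown", False))
    new = ev["New Logon"]
    return {"account": f'{new["Account Domain"]}\\{new["Account Name"]}',
            "logon_type": name, "interactive": interactive,
            "source": ev["Network Information"]["Source Network Address"],
            "auth": ev["Detailed Authentication Information"]["Authentication Package"]}
```

Running `summarize` over every exported 4624 event and grouping by `source` and `logon_type` shows which hosts the network logons come from and whether any logon was interactive.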