Out of nowhere a new user folder shows up in C:\User. Is it possible remotely even though Remote Desktop Connection is turned off?

Panchali Mukherjee 1 Reputation point

Hi we have a Windows Server 2019 with Active Directory. I am working on a new laptop. Until now in the C:\User folder was only my name, Default and another name. But suddenly since Tuesday another username shows up in the C:\User folder. Does this mean this person logged on to my laptop manually or can a profile name be created in C:\User even if that person did something remotely over Powershell. Just FYI Remote Desktop Connection is turned off on my laptop.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,552 questions
Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,005 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,102 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Dave Patrick 426.4K Reputation points MVP

    Can a user folder be created in the C:\User folder if they were doing some updates over the network?

    I suppose anything is possible. Do you see ntuser.dat? If so then someone logged on and the file timestamp should tell you when they last logged on.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. Dave Patrick 426.4K Reputation points MVP

    Not much to go on but most likely is the user has logged on to the laptop locally or remotely.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Zain Choudry 6 Reputation points

    There are other ways a user can log into your machine, a few examples are psexec or remote PowerShell. However, they would most likely need to be local administrator to do this.

    I would look at the Windows Security Event Logs to see if there's any clues to what might have happened.

    A few questions might help also.

    Is the computer added to a domain? Is the new profile a domain user? If it's not added to a domain then is the user a local admin on the computer? You can check this using computer management.