How To See Who Logged Into a Computer and When

Have you ever wanted to monitor who’s logging into your computer and when? On Professional editions of Windows, you can enable logon auditing to have Windows track which user accounts log in and when.
The Audit logon events setting tracks both local logins and network logins. Each logon event specifies the user account that logged on and the time the login took place. You can also see when users logged off.

Enable Logon Auditing

First, open the local group policy editor – press the Windows key, type gpedit.msc in the Start menu, and press Enter. (You can also enable logon event auditing on a domain controller if you administer a network with centralized logins.)

Navigate to the following folder: Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy.

Double-click the Audit logon events policy setting in the right pane to adjust its options. In the properties window, enable the Success checkbox to log successful logons. You can also enable the Failure checkbox to log failed logins.

Viewing Logon Events

After enabling this setting, Windows will log logon events – including a username and time – to the system security log.
To view these events, open the Event Viewer – press the Windows key, type Event Viewer, and press Enter to open it.

Navigate to the Windows Logs –> Security category in the event viewer.
Look for events with event ID 4624 – these represent successful login events.

To see more information – such as the user account that logged into the computer – you can double-click the event and scroll down in the text box. (You can also scroll down in the text box underneath the list of events.)

If your security log is cluttered, you can click the Filter Current Log option in the sidebar and filter by event ID 4624. The Event Viewer will display only logon events.

Comments

Create a Restore Point for Windows 7 or Vista’s System Restore

If you are thinking of installing an application but aren’t quite sure what it’s going to do to your computer, I would absolutely recommend creating a restore point before you install that application, and here are the steps to do so. Note that most application installs automatically create a restore point, but you can do this if you are really worried. Open up the Start Menu and right-click on “Computer”, and then select “Properties”. This will take you into the System area of Control Panel. Click on the “System Protection” link on the left hand side. Now select the “System Protection” tab to get to the System Restore section. Click the “Create” button to create a new restore point. You’ll be prompted for a name, and you might want to give it a useful name that you’ll be able to easily identify later. Click the Create button, and then the system will create the restore point. When it’s all finished, you’ll get a message saying it’s completed successf...

How to Clean Up Your Messy Windows Context Menu

One of the most irritating things about Windows is the context menu clutter that you have to deal with once you install a bunch of applications. It seems like every application is fighting for a piece of your context menu, and it’s not like you even use half of them. Today we’ll explain where these menu items are hiding in your registry, how to disable them the geeky way, and an easier cleanup method for non-geeks as well. Either way, your context menu won’t look like this one anymore… Cleaning the Context Menu by Hacking the Registry If you want to clean things up the truly geeky way, you can open up regedit.exe through the start menu search or run box, and then browse down to one of the following keys… sadly the context menu items are not stored in a single location. Most of the menu items that used for all files and folders can be found by looking at one of these keys: HKEY_CLASSES_ROOT\*\shell HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers HKEY_CLASSES_...

How To Recover Passwords Using Ophcrack LiveCD

Ophcrack LiveCD 3.4.0 is a completely self contained, bootable version of Ophcrack 3.4.0 - the easiest and most effective tool that I've ever found to "crack" your forgotten Windows password. For a quick overview of Ophcrack, see my complete review of Ophcrack 3.4.0 . Ophcrack is a free software program that recovers passwords so the first step you'll need to take is to visit Ophcrack's website . When the Ophcrack website loads as shown above, click the Download ophcrack LiveCD button. Note: Since you obviously can't get into your computer right now because you don't know the password, these first four steps will need to be completed on another computer that you have access to. This other computer will need to have access to the Internet and the capability to burn a disc (like a CD, DVD, etc.). Another Note: The instructions I've put together here walk you through the entire process of using Ophcrack LiveCD to recover your password. If you...

Priyam Vaidya's Blog

Search This Blog