- Open the Event Viewer as an Admin user: right click on the Start button and select Command Prompt (Admin). Run command eventvwr.msc.
- On the left side of the Event Viewer dialogue, select Windows Logs|Security from Event Viewer.
- Events are listed in the center part of the dialogue.
- On the right side of the dialogue, select Filter Current Log... from Actions|Security to open the filter dialogue.
- In the Filter Current Log dialogue, look for Event sources near the center. Click on the drop down button and select Microsoft Windows security auditing from the list.
- Find Task category below. Click on its drop down menu and multi-select Logon, Special Logon, Other Logon/Logoff Events.
- Click on the OK button to close the Filter Current Log dialogue.
- Go back to the list of all the logon events and click on them to see the details in the panel below.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-special-logon
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-logonlogoff-events
No comments:
Post a Comment