Wednesday, April 17, 2019

Windows: find out who has logged on to the system


  1. Open the Event Viewer as an Admin user: right click on the Start button and select Command Prompt (Admin). Run command eventvwr.msc.
  2. On the left side of the Event Viewer dialogue, select Windows Logs|Security from Event Viewer.
  3. Events are listed in the center part of the dialogue.
  4. On the right side of the dialogue, select Filter Current Log... from Actions|Security to open the filter dialogue.
  5. In the Filter Current Log dialogue, look for Event sources near the center. Click on the drop down button and select Microsoft Windows security auditing from the list.
  6. Find Task category below. Click on its drop down menu and multi-select Logon, Special Logon, Other Logon/Logoff Events.
  7. Click on the OK button to close the Filter Current Log dialogue.
  8. Go back to the list of all the logon events and click on them to see the details in the panel below.
The description of Special Logon and Other Logon can be found on Microsoft's web site:
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-special-logon
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-logonlogoff-events

No comments:

 
Get This <