Accept you e’er wanted to monitor who’s logging into your computer and when? On Professional editions of Windows, you can enable logon auditing to have Windows track which user accounts log in and when.

The Audit logon events setting tracks both local logins and network logins. Each logon consequence specifies the user account that logged on and the time the login took identify. You can as well see when users logged off.

RELATED:

How to Meet Previous Logon Information on the Windows Sign In Screen

Note:Logon auditing simply works on the Professional edition of Windows, and then you can’t utilize this if yous take a Dwelling house edition. This should piece of work on Windows seven, 8, and Windows x. We’re going to cover Windows 10 in this article. The screens might await a trivial unlike in other versions, just the process is pretty much the same.

Enable Logon Auditing

RELATED:

Using Group Policy Editor to Tweak Your PC

To enable logon auditing, you lot’re going to utilize the Local Grouping Policy Editor. It’southward a pretty powerful tool, and so if yous’ve never used information technology before, it’south worth taking some time to learn what information technology can practise. Likewise, if you’re on a visitor network, do everyone a favor and check with your admin first. If your work computer is function of a domain, it’s also likely that it’south part of a domain group policy that will supersede the local group policy, anyway.

To open the Local Group Policy Editor, striking Showtime, type “gpedit.msc, and and so select the resulting entry.

In the Local Group Policy Editor, in the left-hand pane, drill downward to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Inspect Policy. In the right-paw pane, double-click the “Audit logon events” setting.

In the properties window that opens, enable the “Success” option to have Windows log successful logon attempts. Enable the “Failure” option if y’all also want Windows to log failed logon attempts. Click the “OK” button when you’re done.

You can now close the Local Group Policy Editor window.

View Logon Events

RELATED:

What Is the Windows Event Viewer, and How Can I Utilise It?

Later you enable logon auditing, Windows records those logon events—along with a username and timestamp—to the Security log. You can view these events using Event Viewer.

Hitting Commencement, type “event,” and and so click the “Event Viewer” result.

In the “Event Viewer” window, in the left-hand pane, navigate to the Windows Logs > Security.

In the middle pane, you’ll likely run across a number of “Audit Success” events. Windows logs separate details for things like when an account someone signs on with is successfully granted its privileges. Y’all’re looking for events with the outcome ID 4624—these correspond successful login events. Y’all can encounter details about a selected outcome in the lesser part of that middle-pane, but you tin can also double-click an consequence meet its details in their own window.

And if you lot scroll downward just a chip on the details, you tin come across information you’re afterwards—similar the user account name.

And because this is just another effect in the Windows consequence log with a specific event ID, you tin also use the Task Scheduler to take activeness when a logon occurs. You can even have Windows email you when someone logs on.

RELATED:

How to Automatically Run Programs and Set Reminders With the Windows Task Scheduler