You need to know who accesses your pc.
You want to know who is accessing or trying to change settings of computer.
Windows give you the option to monitor who is accessing or trying to change settings of you computer. This is called "auditing". If you want to activate auditing take the following steps:
- Click Start > run and type "secpol.msc" then click ok or press enter. If you are prompted for an administrator password, type in the password.
- Click "Local Policies" and then double click "Audit Policy".
- Double click the type of event that you want to monitor and select the Success or Failure check box or both and then click OK.
(If Success is selected, Windows will record any successful attempts to complete the type of event that you are monitoring. If Failure is selected, any unsuccessful attempt will be recorded. If you select both Success and Failure, Windows will record all events.
If you want ot view the audit log just open the event viewer and selecet the "Windows logs" pane and then choose "Security". In the list of event, just double click on an entry to see details.
Note: If the audit log gets too big, it will slow down your computer. To make more space, you can delete events from the log when you are viewing them in Event Viewer. To delete the complete log, click "clear log" in the Actions pane.
Disclaimer:The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
About the Author
Author: Wim Peeters - Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.
Latest update: 05/10/2020 | Comment: