LKBEN10742: How to monitor who is accessing your computer.

Symptom

You need to know who accesses your pc.

Cause

You want to know who is accessing or trying to change settings of computer.

Solution

Windows give you the option to monitor who is accessing or trying to change settings of you computer. This is called "auditing". If you want to activate auditing take the following steps:

- Click Start > run and type "secpol.msc" then click ok or press enter. If you are prompted for an administrator password, type in the password.
 
- Click "Local Policies" and then double click "Audit Policy".
 
- Double click the type of event that you want to monitor and select the Success or Failure check box or both and then click OK.
(If Success is selected, Windows will record any successful  attempts to complete the type of event that you are monitoring. If Failure is selected, any unsuccessful attempt will be recorded. If you select both Success and Failure, Windows will record all events.
 
 
If you want ot view the audit log just open the event viewer and selecet the "Windows logs" pane and then choose "Security". In the list of event, just double click on an entry to see details.
 
 
Note: If the audit log gets too big, it will slow down your computer. To make more space, you can delete events from the log when you are viewing them in Event Viewer. To delete the complete log, click "clear log" in the Actions pane.

Disclaimer:

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.

Latest update: 05/10/2020 | Comment: