Ever wonder how to keep a track of who logged into your computer and when they log in? Or want to find out who is trying to break into your Windows account? Luckily Windows comes with a built-in feature – Logon Auditing, which enables you to record logon, logoff and logon failure events, along with the user information and the time at which the computer was accessed.
In this article we’ll show you how to enable logon auditing to have Windows track which user accounts log in and when. This is particularly helpful in determining and analyzing any attacks on a local computer or over a network.
Part 1: Enable Logon Auditing in Windows
To enable Logon Auditing, we need to configure Windows Group Policy settings. Press Windows + R, type gpedit.msc and press Enter.
After the Local Group Policy Editor opens up, navigate to Local Computer Policy –> Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Audit Policy. Double-click the Audit logon events policy in the right pane.
When the logon event property window opens up, check both Success and Failure to audit all types of account logon activities. Click Apply to save your changes.
From now on, every log in, log off and failed log in attempts will be recorded in the Event Viewer.
Part 2: View Logon Audit Events
To launch Event Viewer, click Start, type Event Viewer and hit Enter. In Windows 8, you can press the shortcut Windows + W and search for the Event Viewer applet.
In the Event Viewer window, navigate to the Windows Logs -> Security option to see the logs for both the successful and failed logon attempts.
Double click on one of the logon events, you will find out the details like the user that has been logged in or logged out, logon date and time, etc.
Conclusion
So that is how you can record and view logon events in Windows 7 Pro. Logon Auditing is also available in Windows 8 (Windows 8 Pro, Ultimate and Enterprise editions) too, although not in all the versions.