Yes. The Windows event log (eventvwr.msc
) on the local machine will show the logon in the Security log.
For example, the event details might look like this:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 23/03/2015 13:08:55
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: POLYBOX
Description:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: POLYBOX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: POLYBOX\polynomial
Account Name: polynomial
Account Domain: POLYBOX
Logon ID: 0x55539572
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2f4
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: POLYBOX
Source Network Address: 10.0.99.11
Source Port: 12345
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Alternatively, security auditing can be set up to monitor the access of securable objects (files, registry keys, services, processes, users, groups, etc.) and provide a rich listing of changes made.