In the organization I work for, the computers are connected in a network, and I can access each PC's filesystem via '\' if I state the "Master User" credentials, once the login window pops up.
since I was not connected to the PC via a remote desktop session, but just navigated via the filesystem explorer, is there any way of knowing about it?
That is if someone did it for my PC?
Yes. The Windows event log (eventvwr.msc) on the local machine will show the logon in the Security log.
For example, the event details might look like this:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 23/03/2015 13:08:55
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: POLYBOX
Description:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: POLYBOX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: POLYBOX\polynomial
Account Name: polynomial
Account Domain: POLYBOX
Logon ID: 0x55539572
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2f4
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: POLYBOX
Source Network Address: 10.0.99.11
Source Port: 12345
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Alternatively, security auditing can be set up to monitor the access of securable objects (files, registry keys, services, processes, users, groups, etc.) and provide a rich listing of changes made.
