Windows 7 (Home Premium): eventvwr.exe: How to log workstation locking and unlocking and screensaver invoked and dismissed events

2

1

I have found the following information pertaining to when a user starts and stops interacting with a Windows 7 Home Premium 64-bit PC. Theoretically, these events can be viewed in eventvwr.exe when run as Administrator.

However, I have tried locking and unlocking the workstation and nothing shows up in the log. What must I do to enable this behavior?

Logon Session Events

  • 4624 Successful logon
  • 4647 User initiated logoff
  • 4625 Logon failure (See Logon Failure Codes)
  • 4778 Remote desktop session reconnected
  • 4779 Remote desktop session disconnected
  • 4800 Workstation locked
  • 4801 Workstation unlocked
  • 4802 Screen saver invoked
  • 4803 Screen saver dismissed

UPDATE:

@DavidPostill, I have tried the solution below, downloading and running the file you mentioned, and copying the C:\SysWOW64\gpedit.msc file to C:\Windows\System32\gpedit.exe, but I ran into the following problem:

The files C:\SysWOW64\GroupPolicy and C:\SysWOW64\GroupPolicyUsers could not be copied to C:\Windows\System32\GroupPolicy and C:\Windows\System32\GroupPolicyUsers because these folders already existed.

Here is what I get when I run gpedit.msc:

enter image description here

Jordan Jamingsons

Posted 2015-10-25T16:04:30.597

Reputation: 149

Were you logged in as an Adminstrator when you tried to copy the directories? Can you try just copy the contents of C:\SysWOW64\GroupPolicy and paste to C:\Windows\System32\GroupPolicy? Note C:\SysWOW64\GroupPolicyUser is an empty directory so that shouldn't be a problem. – DavidPostill – 2015-10-25T20:53:38.593

The only other thing I can think of is that you have a non English version of Windows ... (Italian?) – DavidPostill – 2015-10-25T20:54:47.337

Yes, but the filenames should be the same even in my localized Italian version of Windows... ? – Jordan Jamingsons – 2015-10-27T19:52:12.840

Answers

0

What must I do to enable logging of Logon Session Events?

Use the Group Policy Editor (gpedit.msc) to enable auditing of Account Logon Events in the Windows Security Event Log.

Note: Windows Starter Edition, Home and Home Premium do not include gpedit.msc. Instructions to install it are provided later in this answer.

To enable auditing of Account Logon Events:

  1. Run gpedit.msc

  2. Select "Windows Settings" > "Security Settings" > "Local Policies" > "Audit Policy"

    ![enter image description here

  3. Right click "Audit account logon events" and select "Properties"

  4. Check "Success" and "Failure" as appropriate, then click "OK"

    ![enter image description here

How do I install gpedit.msc on Windows Starter Edition, Home and Home Premium?

I used the following procedure to successfully install gpedit.msc on Windows 7 64 bit Home Premium.

It apparently works on Windows 8 and Windows 8.1 as well.

UPDATE: According to some readers, this tool also works fine in Windows 8 and Windows 8.1.

Today we are going to share a simple installer which installs the required system files in Windows so that you can enjoy Group Policy Editor in all Windows 7 editions.

  1. First download the setup file using following link:

    Download Group Policy Editor Installer

    You'll find the download link in right-side section of the above mentioned page.

  2. After downloading the ZIP file, extract it using WinRAR or 7-Zip.

  3. Run the extracted setup.exe file.

    It will install the files and you'll be able to access gpedit.msc command via RUN or Start Menu search box.

Note:

  • For Windows 7 64-bit (x64) users! You'll also need to go to "SysWOW64" folder present in "C:\Windows" folder and copy "GroupPolicy", "GroupPolicyUsers" folders and gpedit.msc file from there and paste them in "C:\Windows\System32" folder.

If you are getting "MMC could not create the snap-in" error message while running gpedit.msc, check out following steps to fix the problem. Basically it happens when your username in Windows contains more than one word.

  1. Run the installer and leave it at the last step (do not click on the "Finish" button).

  2. Now go to C:\Windows\Temp\gpedit\ folder.

  3. If you are running 32-bit (x86) edition of Windows 7, right-click on x86.bat file and choose "Open With -> Notepad" option. If you are running 64-bit (x64) edition of Windows 7, right-click on x64.bat file and choose "Open With -> Notepad" option.

  4. You'll find a total of 6 lines containing the following string in the file:

    %username%:f

  5. Edit those lines and replace %username%:f with "%username%":f

    Original: icacls %WinDir%\SysWOW64\gpedit.dll /grant:r %username%:f

    New: icacls %WinDir%\SysWOW64\gpedit.dll /grant:r "%username%":f

  6. Save and run the file (right-click -> Run as Administrator).

  7. That's it. You'll have working gpedit.msc.

Source How to Enable "Group Policy Editor" (gpedit.msc) in Windows 7 Home Premium, Home Basic and Starter Editions?

DavidPostill

Posted 2015-10-25T16:04:30.597

Reputation: 118 938

thank you so much for your answer. Wish it would work for me... – Jordan Jamingsons – 2015-10-25T20:32:43.810

Asked: 2015-10-25T16:04:30.597

Viewed: 518 times

Active: 2015-12-14T23:09:31.093