3
1
I'm using a remote computer with admin rights. But looks like that someone has logged on this remote computer while I'm not logged and disturbed my running work.
Question: How to know who has logged on this computer for the last day for example?
PS: My computer and the remote one are both win 7
2I find filtering on eventID 4624 to be the best way to extract this information from the Security log. – Frank Thomas – 2015-10-21T15:57:35.890
As a side note to my answer, when filtering by event ID the times are no longer in chronological order by time. You could either choose to
Filter Current Log...
and specify what you want, or you could organize it byDate and Time
then look for the correct ID. Assuming you have a general time frame of when this happened, sorting byDate and Time
may be the best option. – DrZoo – 2015-10-21T16:01:48.8431Thanks for the reply, but can I tell from which IP address he has logged? Because actually me and my team members all have the administrator account. So when I look at "Account Name", it just gives me "Administrator" which doesn't help. – KhaledMaged – 2015-10-21T16:07:42.717
@KhaledMaged as long as you guys all have a different computer, you can tell which computer it is by checking the computer name in the log. The computer name is the field that says
Computer
. I updated the image and circled the computer name field in blue. – DrZoo – 2015-10-21T16:12:12.6131@DrZoo But this field gives me the name of the remote computer in all cases. Even in the cases where I logged. Only the name of the remote computer itself. I know this may be weird, but that's what I have in front of me. – KhaledMaged – 2015-10-21T16:24:39.557
@KhaledMaged Another thing you could try is again going to Event Viewer and look under
Application and Services
logs. Then look under theRemoteApp and Desktop Connections
folder and try theTerminalServices-LocalConnectionManager
,TerminalServices-RemoteConnectionManager
folders. Hopefully one of those have valuable information that you could use. – DrZoo – 2015-10-21T20:15:24.243