If your computer is regularly accessed by members of your family or work colleagues, have you ever been curious to see who has logged into your computer and when? For those inquisitive individuals with Windows 7 (Professional, Ultimate or Enterprise only) installed, you can track users by enabling the Audit Logon policy setting in Group Policy.
Navigate to Start and type gpedit.msc in the search bar. Press Enter.
Local Group Policy Editor opens. Navigate to Computer configuration\Windows Settings\Security Settings\Local Policies\Audit Policy. In the right window pane, double click on Audit logon events policy settings.
The Audit logon events properties dialog box opens. Tick the Success checkbox to enable successful logon attempts. You also have the option to enable Failure logon attempts, but this is not essential. Click OK to save changes.
You are returned to Group Policy Editor. The Security Setting should have changed from ‘Not Configured’ to ‘Success’.
After the Audit Logon events policy setting has been enabled, logon events will now be stored in the system security log in Event Viewer. To review these logon events, navigate to Start and type Event Viewer in the search bar. Press Enter.
Event Viewer opens. Scroll to Window Logs\Security on the left hand pane. Search for events with the event ID 4624 as these represent successful logon attempts.
To find out which particular user logged onto your computer, click on a relevant event ID listed and review the General tab.