In Windows 7, is there a way to know if somebody has logged into my account when I was absent?
Specifically, is it possible to know if a person with administrator privileges somehow entered my account (i.e. in order to get into my email etc.)?
Securitywindows 7
In Windows 7, is there a way to know if somebody has logged into my account when I was absent?
Specifically, is it possible to know if a person with administrator privileges somehow entered my account (i.e. in order to get into my email etc.)?
Best Answer
Recommended Method EDITED (Please Upvote Susan Cannon down below):
Press Windows button + R and type
eventvwr.msc
.In event viewer, Expand Windows Logs, and select System.
In the middle you’ll see a list with Date and Time, Source, Event ID and Task Category. The Task Category pretty much explains the event, Logon, Special Logon, Logoff and other details.
The events will be called Winlogon, with Event ID 7001.
The event Details will contain the UserSid of Account logging on, which you can match with a list obtained from Command Prompt using:
Hope this helps!
To see a list, run "PowerShell", and paste the following script into its window:
You'll have a bunch of system logins; they are normal.
What you will be looking for: Event ID 7001 - Winlogon.
Under the Details Tab, Look for UserSid
An indication of a login will look like this: (win 8.1) This will probably be different in win 7
Then open up command prompt by right clicking start button and selecting it.
Type in "wmic useraccount" and match the SID with the preceding username in the long list that comes up.
We see from the list that Superuser is the account matching the SID.