Tutorial Windows: View Who Tried to Access Your Windows Account
If you’re the one using the computer right now and your younger brother or sister is just waiting for your time to finish, it’s not that bad; after all, sharing is caring.
The personal computer is not the only one that’s used by more individuals, and even your work computer can be a temptation incredibly difficult to resist for pranksters. Even if you do lock your computer and you also added extra layers of security, nobody can stop an individual from trying to access your account.
Since the guys over at Microsoft handle everything, mostly anyway, they decided to integrate a feature into Windows so you know whether or not someone tried to login to your account. The option is not enabled by default in all Windows versions, but you can turn it on. Here’s how and what it can do.
Enabling the logon audit
As mentioned above, you might not have this feature enabled by default. It’s there, but you just need to activate it, or at least make sure it’s running.
Step 1: Hit Win + R to launch the Run utility.
Step 2: Write down gpedit.msc and press Enter to access the Group Policy Editor.
Step 3: Use the left pane to navigate to the following location: Windows Settings -> Security Settings -> Local Policy -> Audit Policy. Then, click the Audit Policy group to reveal its content.
Step 4: Identify the Audit Logon Events by simply double-clicking it.
Step 5: Make sure Success and Failure are both ticked, or enable the attempt types you’re interested in.
Step 6: Hit Apply and OK to confirm changes.
Note: Windows 7 Home and standard Windows 8 don’t have the Group Policy Editor built-in, but tracking is enabled, so you can still view attempts.
Viewing Windows login attempts
Step 1 (Windows 7): Press Start, search for Event Viewer, and access it.
Step 1 (Windows 8): Right-click the Start Screen button and click on Event Viewer.
Step 2: Expand the Windows Logs folder in the left pane.
Step 3: Click on Security and that’s it.
Hint: You can filter all logs by clicking column headers, including the state of the login attempt.
Note: There’s also the possibility to export individual logs or all of them to several types of files just so you have proof when you catch the suspect.