Have you ever wanted to monitor who’s logging into your computer and when? On Professional editions of Windows, you can enable logon auditing to have Windows track which user accounts log in and when.
您是否曾经想监视谁在何时登录计算机? 在Windows专业版上,可以启用登录审核,以使Windows跟踪登录的用户帐户和登录时间。
The Audit logon events setting tracks both local logins and network logins. Each logon event specifies the user account that logged on and the time the login took place. You can also see when users logged off.
审核登录事件设置跟踪本地登录和网络登录。 每个登录事件都指定登录的用户帐户和登录时间。 您还可以查看用户何时注销。
Note: Logon auditing only works on the Professional edition of Windows, so you can’t use this if you have a Home edition. This should work on Windows 7, 8, and Windows 10. We’re going to cover Windows 10 in this article. The screens might look a little different in other versions, but the process is pretty much the same.
注意:登录审核仅适用于Windows专业版,因此,如果您具有家庭版,则不能使用此功能。 在Windows 7、8和Windows 10上应该可以使用。在本文中,我们将介绍Windows 10。 屏幕在其他版本中可能看起来有些不同,但是过程几乎相同。
启用登录审核 (Enable Logon Auditing)
To enable logon auditing, you’re going to use the Local Group Policy Editor. It’s a pretty powerful tool, so if you’ve never used it before, it’s worth taking some time to learn what it can do. Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.
要启用登录审核,您将使用“本地组策略编辑器”。 这是一个非常强大的工具,因此,如果您以前从未使用过它,那么值得花一些时间来学习它可以做什么 。 另外,如果您在公司网络中,请给所有人一个帮助,并首先与您的管理员联系。 如果您的工作计算机是域的一部分,则它也很可能是域组策略的一部分,无论如何,该组策略将取代本地组策略。
To open the Local Group Policy Editor, hit Start, type “gpedit.msc,“ and then select the resulting entry.
要打开本地组策略编辑器,请单击“开始”,键入“ gpedit.msc ” ,然后选择结果条目。
In the Local Group Policy Editor, in the left-hand pane, drill down to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy. In the right-hand pane, double-click the “Audit logon events” setting.
在“本地组策略编辑器”的左侧窗格中,向下钻取到“本地计算机策略”>“计算机配置”>“ Windows设置”>“安全设置”>“本地策略”>“审核策略”。 在右侧窗格中,双击“审核登录事件”设置。
In the properties window that opens, enable the “Success” option to have Windows log successful logon attempts. Enable the “Failure” option if you also want Windows to log failed logon attempts. Click the “OK” button when you’re done.
在打开的属性窗口中,启用“成功”选项以使Windows记录成功登录尝试。 如果您还希望Windows记录失败的登录尝试,请启用“失败”选项。 完成后,单击“确定”按钮。
You can now close the Local Group Policy Editor window.
现在,您可以关闭“本地组策略编辑器”窗口。
查看登录事件 (View Logon Events)
After you enable logon auditing, Windows records those logon events—along with a username and timestamp—to the Security log. You can view these events using Event Viewer.
启用登录审核后,Windows会将这些登录事件(以及用户名和时间戳)记录到安全日志中。 您可以使用事件查看器查看这些事件。
Hit Start, type “event,” and then click the “Event Viewer” result.
单击开始,键入“事件”,然后单击“事件查看器”结果。
In the “Event Viewer” window, in the left-hand pane, navigate to the Windows Logs > Security.
在“事件查看器”窗口的左侧窗格中,导航到Windows日志>安全性。
In the middle pane, you’ll likely see a number of “Audit Success” events. Windows logs separate details for things like when an account someone signs on with is successfully granted its privileges. You’re looking for events with the event ID 4624—these represent successful login events. You can see details about a selected event in the bottom part of that middle-pane, but you can also double-click an event see its details in their own window.
在中间窗格中,您可能会看到许多“审核成功”事件。 Windows会记录一些单独的详细信息,例如在某人登录时成功授予其特权的情况。 您正在寻找事件ID为4624的事件-这些代表成功的登录事件。 您可以在该中间窗格的底部看到有关选定事件的详细信息,但也可以双击某个事件在其自己的窗口中查看其详细信息。
And if you scroll down just a bit on the details, you can see information you’re after—like the user account name.
而且,如果您向下滚动一下详细信息,则可以看到所需的信息,例如用户帐户名。
And because this is just another event in the Windows event log with a specific event ID, you can also use the Task Scheduler to take action when a logon occurs. You can even have Windows email you when someone logs on.
并且由于这只是Windows事件日志中具有特定事件ID的另一个事件,因此您还可以使用任务计划程序在发生登录时采取措施。 当有人登录时,您甚至可以让Windows向您发送电子邮件 。
翻译自: https://www.howtogeek.com/124313/how-to-see-who-logged-into-a-computer-and-when/
1813
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
