How to tell if someone other than myself logged into my pc. Or when it occured.

Hello, I am a software developer, myself and another software developer on our team have found that our source code has been tampered with/(changed/broken) without our consent. I honestly think it is our manager, who is an interesting character with very passive agressive tendencies. I really don't care who is tampering with the code, and I don't want to get anyone fired. I just want this crap to stop. My guess is that someone has our login credentials and is logging into our machines and making the code changes. We have what seems to be a secure software repository for checking in and out our code. However somehow the code is still getting hacked.

So here is my question. We are on Windows 7 OS. Is their a way for me to tell when someone besides myself logged into my PC? Or at least see when the last time my pc was logged into? This is a smaller company and I know that at times the System administration staff probably needs to log into our pcs without our consent. So I fully expect others to log into our PCs. I just need to know if their is a way for me to access the login/logout history of my PC.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob MinersCommented:
You could try NirSoft WinLogOnView

WinLogOnView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WinLogOnView.exe

This utility works on Windows Vista/7/8/2008. Both 32-bit and 64-bit systems are supported.

This is more complicated than it should be, this Technet blog post will give some details on how to look at the security event logs:

Here is how to check the events in event viewer:
Pramod UbheCommented:
Here a script that you need to save as .vbs and change below parameters -

Const ADMIN_EMAIL = ""
Const SMTP_SERVER = "SMTPservername"
Const SMTP_PORT = 25 ' Do not change if you are unsure
Const USE_AUTHENTICATION = False ' in case of True, enter username and password below -
Const SMTP_USER = "username"
Const SMTP_PASS = "password"

Keep this script at - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

whenever anyone loggs in to your computer an email will be sent with the user details to and the user logged in will not know anything about it.
You can modify it for your requirements.

' Logon Notification
  ' This script can be run as a logon script to send email notification
  ' when a user logs on to a system.  Details about the logon event are
  ' included in the email.
  ' LogonNotification.vbs

' Please indicate where notifications should be sent
Const ADMIN_EMAIL = ""

' Please provide the following details for your SMTP server
Const SMTP_SERVER = "SMTPservername"
Const SMTP_PORT = 25 ' Do not change if you are unsure

' If your SMTP server requires authentication, please set
' USE_AUTHENTICATION to True and supply a username and password
Const SMTP_USER = "username"
Const SMTP_PASS = "password"

' If your SMTP server uses Secure Password Aunthentication, please
' set the following value to True.
Const SMTP_SSL = False

' Set this value to true while testing

' Do not change anything below this line
Set WshNetwork = CreateObject("WScript.Network")

dteTime = Time
dteDate = Date

strMessage = "A user has logged onto <b>" & ComputerName & "</b> from <b>" & "</b> with the following details:<br><br>" _
      & "Logon Date: " & dteDate & "<br>" _
      & "Logon Time: " & dteTime & "<br>" _
      & "Account Name: " & AccountName & "<br>"

result = SendMail(strMessage)

If ENABLE_DEBUGGING Then WScript.Echo result

Function AccountName
      If IsNull(WshNetwork) Then Set WshNetwork = CreateObject("WScript.Network")
      AccountName = WshNetwork.UserName

End Function

Function ComputerName
      If IsNull(WshNetwork) Then Set WshNetwork = CreateObject("WScript.Network")
      ComputerName = WshNetwork.ComputerName

End Function

Function SendMail(strBody)
      Set objEmail = CreateObject("CDO.Message")
      With objEmail
            .From = ADMIN_EMAIL
            .To = ADMIN_EMAIL
            .Subject = "Logon Notification"
            .HTMLBody = strBody
            .Configuration.Fields.Item _
                  ("") = 2
            .Configuration.Fields.Item _
                  ("") = SMTP_SERVER
            .Configuration.Fields.Item _
                  ("") = SMTP_PORT
            If USE_AUTHENTICATION Then
                  .Configuration.Fields.Item _
                        ("") = 1
                  .Configuration.Fields.Item _
                        ("") = SMTP_USER
                  .Configuration.Fields.Item _
                        ("") = SMTP_PASS

            End If
            If SMTP_SSL Then
                  .Configuration.Fields.Item _
                        ("") = True

            End If

            On Error Resume Next


            If Err.number <> 0 Then
                  SendMail = Err.Description

                  SendMail = "The server did not return any errors."

            End If
            On Error Goto 0

      End With

End Function

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Onn LightSAP Technical ConsultantCommented:
Hi  brgdotnet

eventvwr /f:"<QueryList><Query Id='0' Path='Security'><Select Path='Security
'>*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and TimeCreated
[timediff(@SystemTime) &lt;= 86400000]]]</Select></Query></QueryList>"

Open in new window

The above will give you a filtered view from the eventviewer of Logon in the past 24 hours.

Thanks and Regards
brgdotnetcontractorAuthor Commented:
Thanks everyone so much for your help.
Rob MinersCommented:
Your welcome :)

Also think of offline attacks. If I start my win8togo usb installation, I won't get logged anywhere but I can modify your code as well. To stop that, encryption would be needed.
Also make sure that no one has administrative access but the support personnel. If someone else had, he could quite easily circumvent most protective measures.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.