How to tell if someone other than myself logged into my pc. Or when it occured.

Posted on 2013-10-10
Medium Priority
Last Modified: 2013-10-12
Hello, I am a software developer, myself and another software developer on our team have found that our source code has been tampered with/(changed/broken) without our consent. I honestly think it is our manager, who is an interesting character with very passive agressive tendencies. I really don't care who is tampering with the code, and I don't want to get anyone fired. I just want this crap to stop. My guess is that someone has our login credentials and is logging into our machines and making the code changes. We have what seems to be a secure software repository for checking in and out our code. However somehow the code is still getting hacked.

So here is my question. We are on Windows 7 OS. Is their a way for me to tell when someone besides myself logged into my PC? Or at least see when the last time my pc was logged into? This is a smaller company and I know that at times the System administration staff probably needs to log into our pcs without our consent. So I fully expect others to log into our PCs. I just need to know if their is a way for me to access the login/logout history of my PC.
Question by:brgdotnet
LVL 14

Assisted Solution

by:Rob Miners
Rob Miners earned 240 total points
ID: 39564534
You could try NirSoft WinLogOnView

WinLogOnView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - WinLogOnView.exe

This utility works on Windows Vista/7/8/2008. Both 32-bit and 64-bit systems are supported.


Download: http://www.nirsoft.net/utils/winlogonview.zip

Assisted Solution

1md earned 200 total points
ID: 39564535
This is more complicated than it should be, this Technet blog post will give some details on how to look at the security event logs:


Here is how to check the events in event viewer:

LVL 10

Accepted Solution

Pramod Ubhe earned 280 total points
ID: 39564782
Here a script that you need to save as .vbs and change below parameters -

Const ADMIN_EMAIL = "email@company.com"
Const SMTP_SERVER = "SMTPservername"
Const SMTP_PORT = 25 ' Do not change if you are unsure
Const USE_AUTHENTICATION = False ' in case of True, enter username and password below -
Const SMTP_USER = "username"
Const SMTP_PASS = "password"

Keep this script at - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

whenever anyone loggs in to your computer an email will be sent with the user details to email@company.com and the user logged in will not know anything about it.
You can modify it for your requirements.

' Logon Notification
  ' This script can be run as a logon script to send email notification
  ' when a user logs on to a system.  Details about the logon event are
  ' included in the email.
  ' LogonNotification.vbs

' Please indicate where notifications should be sent
Const ADMIN_EMAIL = "email@company.com"

' Please provide the following details for your SMTP server
Const SMTP_SERVER = "SMTPservername"
Const SMTP_PORT = 25 ' Do not change if you are unsure

' If your SMTP server requires authentication, please set
' USE_AUTHENTICATION to True and supply a username and password
Const SMTP_USER = "username"
Const SMTP_PASS = "password"

' If your SMTP server uses Secure Password Aunthentication, please
' set the following value to True.
Const SMTP_SSL = False

' Set this value to true while testing

' Do not change anything below this line
Set WshNetwork = CreateObject("WScript.Network")

dteTime = Time
dteDate = Date

strMessage = "A user has logged onto <b>" & ComputerName & "</b> from <b>" & "</b> with the following details:<br><br>" _
      & "Logon Date: " & dteDate & "<br>" _
      & "Logon Time: " & dteTime & "<br>" _
      & "Account Name: " & AccountName & "<br>"

result = SendMail(strMessage)

If ENABLE_DEBUGGING Then WScript.Echo result

Function AccountName
      If IsNull(WshNetwork) Then Set WshNetwork = CreateObject("WScript.Network")
      AccountName = WshNetwork.UserName

End Function

Function ComputerName
      If IsNull(WshNetwork) Then Set WshNetwork = CreateObject("WScript.Network")
      ComputerName = WshNetwork.ComputerName

End Function

Function SendMail(strBody)
      Set objEmail = CreateObject("CDO.Message")
      With objEmail
            .From = ADMIN_EMAIL
            .To = ADMIN_EMAIL
            .Subject = "Logon Notification"
            .HTMLBody = strBody
            .Configuration.Fields.Item _
                  ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
            .Configuration.Fields.Item _
                  ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTP_SERVER
            .Configuration.Fields.Item _
                  ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = SMTP_PORT
            If USE_AUTHENTICATION Then
                  .Configuration.Fields.Item _
                        ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
                  .Configuration.Fields.Item _
                        ("http://schemas.microsoft.com/cdo/configuration/sendusername") = SMTP_USER
                  .Configuration.Fields.Item _
                        ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = SMTP_PASS

            End If
            If SMTP_SSL Then
                  .Configuration.Fields.Item _
                        ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True

            End If

            On Error Resume Next


            If Err.number <> 0 Then
                  SendMail = Err.Description

                  SendMail = "The server did not return any errors."

            End If
            On Error Goto 0

      End With

End Function
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations


Assisted Solution

by:Onn Light
Onn Light earned 240 total points
ID: 39565183
Hi  brgdotnet

eventvwr /f:"<QueryList><Query Id='0' Path='Security'><Select Path='Security
'>*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and TimeCreated
[timediff(@SystemTime) &lt;= 86400000]]]</Select></Query></QueryList>"

Open in new window

The above will give you a filtered view from the eventviewer of Logon in the past 24 hours.

Thanks and Regards

Author Closing Comment

ID: 39567484
Thanks everyone so much for your help.
LVL 14

Expert Comment

by:Rob Miners
ID: 39567599
Your welcome :)
LVL 58

Expert Comment

ID: 39568036

Also think of offline attacks. If I start my win8togo usb installation, I won't get logged anywhere but I can modify your code as well. To stop that, encryption would be needed.
Also make sure that no one has administrative access but the support personnel. If someone else had, he could quite easily circumvent most protective measures.

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question