Solved

Windodws 7

Posted on 2015-01-20
6
59 Views
Last Modified: 2015-02-18
How can I audit what IP's are remotely logging in to the computer?  Also, is it available to track both ip and user name?
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 40559632
You cannot log onto a computer without a user name and password. Knowing the IP of a computer does not permit log on.

What is happening to you?  

If you are looking for web traffic talking to your computer, you can run Wire Shark or Comm View (tamsoft.com) to see what packets are going in and out. You can track this traffic by IP address.
0
 
LVL 9

Expert Comment

by:dlb6597
ID: 40559657
first confirm auditing is enabled. run secpol.msc, expand Local Policies, Audit Policy. Make sure the security setting is at minimum set to Success (it is also good to audit Failures).

Then in the security event log you will see the  logon events. Event id 528 will signify local (logon Type 2) or terminal services (logon type 10) logons, event id 540 will indicate network logons (to shares, etc.)

event id's 529 through 539  signify various types of logon failures..Event 538 will signify a user logoff.


event ID's
0
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 40559660
Hi,

I don't have Windows 7 available for testing, but if you have the professional or enterprise version you can see it in the event log -> Windows Logs -> Security. Task Category = Logon

I have attached a screenshot, it was done on Server 2012 R2 since I did not have Windows 7 available, but it should be similar as I remember.

This is not a super-simple-solution, and there is no easier solution either.

I dont think there is any way of doing this if you are using WIndows 7 Home or similar versions.
Windows-Logon.png
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40617840
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Closing Comment

by:Jack_son_
ID: 40617841
This worked for me - thanks
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HP laptop drivers 12 59
Windows 7 PRO PC as a Terminal Server/Remote connection??? 4 50
laserjet printer error 10 43
Desktop loading is delayed 38 43
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question