Solved

Windodws 7

Posted on 2015-01-20
6
55 Views
Last Modified: 2015-02-18
How can I audit what IP's are remotely logging in to the computer?  Also, is it available to track both ip and user name?
0
Comment
Question by:Jack_son_
6 Comments
 
LVL 93

Expert Comment

by:John Hurst
ID: 40559632
You cannot log onto a computer without a user name and password. Knowing the IP of a computer does not permit log on.

What is happening to you?  

If you are looking for web traffic talking to your computer, you can run Wire Shark or Comm View (tamsoft.com) to see what packets are going in and out. You can track this traffic by IP address.
0
 
LVL 9

Expert Comment

by:dlb6597
ID: 40559657
first confirm auditing is enabled. run secpol.msc, expand Local Policies, Audit Policy. Make sure the security setting is at minimum set to Success (it is also good to audit Failures).

Then in the security event log you will see the  logon events. Event id 528 will signify local (logon Type 2) or terminal services (logon type 10) logons, event id 540 will indicate network logons (to shares, etc.)

event id's 529 through 539  signify various types of logon failures..Event 538 will signify a user logoff.


event ID's
0
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 40559660
Hi,

I don't have Windows 7 available for testing, but if you have the professional or enterprise version you can see it in the event log -> Windows Logs -> Security. Task Category = Logon

I have attached a screenshot, it was done on Server 2012 R2 since I did not have Windows 7 available, but it should be similar as I remember.

This is not a super-simple-solution, and there is no easier solution either.

I dont think there is any way of doing this if you are using WIndows 7 Home or similar versions.
Windows-Logon.png
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40617840
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Closing Comment

by:Jack_son_
ID: 40617841
This worked for me - thanks
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question