Windows 7

How can I audit which IPs are remotely logging in to the computer? Also, is it possible to track both IP and user name?
Jack_son_ Asked:
MarcusSjogren Commented:
Hi,

I don't have Windows 7 available for testing, but if you have the Professional or Enterprise version you can see it in the event log -> Windows Logs -> Security. Task Category = Logon.

I have attached a screenshot. It was done on Server 2012 R2 since I did not have Windows 7 available, but it should be similar as I remember.

This is not a super-simple-solution, and there is no easier solution either.

I don't think there is any way of doing this if you are using Windows 7 Home or similar versions.
Windows-Logon.png
0
 
John Hurst, Business Consultant (Owner), Commented:
You cannot log onto a computer without a user name and password. Knowing the IP of a computer does not permit log on.

What is happening to you?  

If you are looking for web traffic talking to your computer, you can run Wireshark or CommView (tamsoft.com) to see what packets are going in and out. You can track this traffic by IP address.
0
 
dlb6597 Commented:
First confirm auditing is enabled. Run secpol.msc, expand Local Policies, Audit Policy. Make sure the security setting is at minimum set to Success (it is also good to audit Failures).

Then in the security event log you will see the logon events. Event ID 528 will signify local (logon type 2) or terminal services (logon type 10) logons; event ID 540 will indicate network logons (to shares, etc.).

Event IDs 529 through 539 signify various types of logon failures. Event 538 will signify a user logoff.


event ID's
0
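
Added example (not part of any reply in this thread): a PowerShell 2.0 compatible query that pulls user name and source IP for remote logons out of the Security log. It assumes logon auditing is enabled as described above and uses event IDs 4624 and 4625, which Windows Vista and later use for successful and failed logons; the 2000-event window is an arbitrary choice.

```powershell
# Added example: list remote logons (user + source IP) from the Security log.
# Run from an elevated PowerShell prompt; reading the Security log needs admin rights.

# Logon types of interest: 3 = network (shares etc.), 10 = RemoteInteractive (RDP)
$remoteTypes = '3', '10'

# 4624 = successful logon, 4625 = failed logon (Windows Vista and later)
$filter = @{ LogName = 'Security'; Id = 4624, 4625 }

$rows = Get-WinEvent -FilterHashtable $filter -MaxEvents 2000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_

        # EventData holds <Data Name="...">value</Data> elements; index them by name
        $xml  = [xml]$evt.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Skip local, service and batch logons; keep only remote ones
        if ($remoteTypes -contains $data['LogonType']) {
            $result = 'Failure'
            if ($evt.Id -eq 4624) { $result = 'Success' }

            New-Object PSObject -Property @{
                Time        = $evt.TimeCreated
                Result      = $result
                User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType   = $data['LogonType']
                SourceIP    = $data['IpAddress']        # "-" when no address was recorded
                Workstation = $data['WorkstationName']
            }
        }
    }

# Chronological detail view
$rows | Sort-Object Time |
    Select-Object Time, Result, User, LogonType, SourceIP, Workstation |
    Format-Table -AutoSize

# Summary: how often each source IP / user pair appears, busiest first
$rows | Group-Object SourceIP, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

Repeated `Failure` rows from one source IP across several user names are the pattern worth reviewing first.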
 
LeeTutor (retired) Commented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
Jack_son_ (Author) Commented:
This worked for me - thanks
0