How to check if someone logged into your Windows 10 PC

By Mauro Huculak
published

Did you ever wonder who had access to your PC and when it happened? In this guide, we'll show you the steps to use Windows 10's auditing feature to track login attempts.

On Windows 10, you can enable the "Auditing logon events" policy to track login attempts, which can come in handy in many scenarios, including to find out who has been using your device without permission, troubleshoot certain problems, and more.

When the policy is enabled, Windows 10 can track local, and network logins whether they're successful or not, and every event will include the account name and the time of when it happened among other information. Typically, this feature is reserved for organizations, but anyone can use it as long as you know the process.

In this Windows 10 guide, we'll walk you through the steps to see when and who has signed into your device using Group Policy and the Event Viewer.

How to enable logon auditing policy on Windows 10

If you're running Windows 10 Pro, you can use the Local Group Policy Editor to enable the "Audit logon events" policy to track success and feature sign-in attempts on your device.

Important: Group Policy isn't available on Windows 10 Home, but interesting enough, at least login auditing for successful attempts comes enabled by default in this edition. If you're running Windows 10 Home, you can skip these steps, and jump right into the Event Viewer instructions.

  1. Use the Windows key + R keyboard shortcut to open the Run command.
  2. Type gpedit.msc and click OK to open the Local Group Policy Editor.
  3. Browse the following path:Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
  4. On the right side, double-click the Audit logon events policy.

  1. Check the Success and Failure options.

  1. Click Apply.
  2. Click OK.

After completing the steps, Windows 10 will track every login attempt to your device whether it's successful or not.

If you're no longer interested in tracking logins on your computer, you can use the same instructions, but on step No. 5, make sure to clear the Success and Failure options.

How to see who logged into Windows 10

Once you've configured Windows 10 to audit logon events, you can use the Event Viewer to see who signed into your computer and when it happened.

  1. Open Start.
  2. Search for Event Viewer, click the top result to launch the experience.
  3. Browse the following path:Event Viewer > Windows Logs > Security
  4. Double-click the event with the 4624 ID number, which indicates a successful sign-in event.Quick Tip: On Windows 10 Pro, you can also double-click the event with the 4625 ID number to see unsuccessful attempts, or event ID 4634 to see when the user logged off.

In the event log, you'll find a lot of useful information, but you can simply look at the Logged section to figure out when the event took place, and within the "General" tab, look under New Logon to find out the account that was granted permission to your computer.

Using filters

The "Security" page logs many login attempts, including from background services, as such you may need to browse a few events until you find the information you're seeking. However, you can speed up the process using the Event Viewer filter feature to create a custom view to see only the login attempts.

  1. Right-click Custom Views.
  2. Select the Create Custom View option.

  1. Use the Logged drop-down menu, select a time range you want.
  2. Check the By log option.
  3. Use the "Event logs" drop-down menu, and select Security under "Windows Logs."
  4. In the "All Event IDs" field, type 4624.

  1. Click OK.

Once you've completed the steps, you'll be able to find out who and when someone successfully signed into your device more quickly.

Although we're focusing this guide on Windows 10, you can also refer to these instructions to track logins to your device on previous versions, including Windows 8.1 and Windows 7.

More Windows 10 resources

For more helpful articles, coverage, and answers to common questions about Windows 10, visit the following resources:

Mauro Huculak
Mauro Huculak

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

7 Comments
  • If you're using an email for logging in, you can check the activity online. It also displays the nature of the access (local device, email sync, etc), location, time, and allows you to report inappropriate access (such as someone trying to hijack your email). Just log into the web client, go to Account > Security > Review Activity.
  • Yeah, that's something I've noticed as well, it will also let you see that information for all the devices on your account as well.
  • Microsoft has just developed a game cheating API which notifies game developers about users who are cheating. IMO this will soon morph into Microsoft notifying game developers (with this API) about users who are using pirated games. Your computer will soon be an extension of law enforcement. How do you check if Microsoft is snooping on your computer?
  • This has nothing to do with the article, however you are referring to TruePlay which has been in Windows since version 1607 and can be switched off but, honestly, if you cheat in games then you get what you deserve anyway.
  • I don't agree - its about the security of the system and who has access and how to check it.
  • You need to read the article again - its about the security of Windows 10 and determining who has access to your system and how to check on that access. All access to your computer should be monitored, not just the access that makes you believe that your system is secure (incorrectly). You cannot check on the access that Microsoft has which is a major security flaw. That is why Germany has determined that Windows 10 is not a secure system. The same goes for China banning Windows 8 and Windows 10 because of the inbuilt spyware it contained. Microsoft is head of the BSA which is an anti-piracy organization and developers of Windows 10 have been reported stating that Windows 10 will be used to stop pirating - this has occurred since the very beginning of Windows 10. By the way, I don't play computer games. The only people I know who were accused of cheating at games were kicked off because they were too good at playing those games and suspected at being a bot. Users being reported to game manufacturers for suspected cheating is a breach of their right to privacy and exposing those users to claims of inappropriate internet conduct with legal implications. This is not a good example of security.
  • Well, very good article, but I need yet one thing for filtering! The obvious filtering OUT myself. Finding who else is logging in my System except me can be tentious job, as I appear to logon more than a million times..
    So is there a way to filter myself out? ps. I see user is N/A and Computer with my computer's username.