Do you want to know who accesses your computer in your absence? This is important because you want to know if something has been done to your computer while you were not around: a hacker could have installed something on your PC that gives them remote access, and that would be very bad.
To make this possible, we are going to use a built-in Windows feature called Windows Event Viewer. Event Viewer posts a notification in an event log whenever a user starts a program on a PC; it also records every security change, all system access and all driver issues.
This gives you very powerful control over your PC.
How to start Event Viewer on a Windows PC?
To start Event Viewer in Windows 7 and 8.1, click the Start button and open the Control Panel. Now find the System and Maintenance option and click on it. There, you’ll find Administrative Tools, which contains Event Viewer.
You can access Event Viewer on your Windows 7, 8 or 8.1 PC as follows:
- Open the Control Panel
- Click on the System and Maintenance option
- Choose Administrative Tools and then choose Event Viewer
- Or simply open the Run dialog by pressing the Windows+R keys and type eventvwr in it
You can open Event Viewer in Windows 10 by simply pressing Windows + X and then choosing Event Viewer in the menu. Or you can also use the fourth step above.
Now, after opening Event Viewer on your Windows PC, it is time to find out whether someone really used your PC. You do that by going to Windows Logs > System. This opens, in the middle pane, a list of the events that took place while Windows was running. The events might take a few moments to populate. Click on any row in the middle pane to open a new pop-up with the information about that particular event.
Now, to find out if someone logged into your PC, you need to sort this data.
To do this, click on the Filter Current Log button in the right pane. Firstly, make sure that the Event logs field shows System. Secondly, make sure that the User field shows <All Users>. As shown in the screenshot, enter event IDs 6005 and 6006 in the empty field. This will filter the System events.
You can see the start-up and shutdown times in the Date and Time column. Here, Event ID 6005 means “The event log service was started” (i.e. start-up time) and 6006 means “The event log service was stopped
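The same filter can be run from PowerShell. This is an added example, not part of the original article: it reads event IDs 6005 and 6006 from the System log, pairs them into power-on sessions, and marks the sessions that began while you were away. The look-back period and the "away" hours are assumed values to adjust.

```powershell
# Added example: pair start-up (6005) and shutdown (6006) events into sessions.
$Days          = 14   # assumed look-back window, in days
$AwayStartHour = 9    # assumed: you are away from 09:00 ...
$AwayEndHour   = 17   # ... until 17:00

# Same filter as in Event Viewer: System log, event IDs 6005 and 6006.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'EventLog'
    Id           = 6005, 6006
    StartTime    = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated   # oldest first

$sessions = @()
$start = $null
foreach ($e in $events) {
    if ($e.Id -eq 6005) {
        if ($start) {
            # Two start-ups in a row: the earlier session never logged 6006
            # (power loss, crash or forced power-off).
            $sessions += [pscustomobject]@{
                Started = $start; Stopped = $null; Note = 'no clean shutdown logged' }
        }
        $start = $e.TimeCreated
    }
    elseif ($e.Id -eq 6006 -and $start) {
        $sessions += [pscustomobject]@{
            Started = $start; Stopped = $e.TimeCreated; Note = '' }
        $start = $null
    }
    # A 6006 with no earlier 6005 belongs to a session that began before the
    # look-back window and is skipped.
}
if ($start) {
    # The last start-up has no shutdown yet: this is the current session.
    $sessions += [pscustomobject]@{
        Started = $start; Stopped = $null; Note = 'still running' }
}

# Mark sessions that began inside the hours you were away.
$sessions | Select-Object Started, Stopped, Note, @{
    Name       = 'DuringAbsence'
    Expression = { $_.Started.Hour -ge $AwayStartHour -and $_.Started.Hour -lt $AwayEndHour }
} | Format-Table -AutoSize
```

A row with DuringAbsence set to True is a start-up you did not perform yourself and is worth a closer look in Event Viewer around that time.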