Does your PC look different from the last time you opened it? Do you suspect a strange login? You may be able to trust your computer with friends and family around, but at the workplace, you may never know who accessed it.
These days, almost all our important and confidential documents are stored on our computers. Thus, you could risk losing a lot if someone snoops around with malicious intent.
If you’re wondering how to figure out whether someone logged onto PC or not, here’s what you can do.
- If you’re a regular computer user, you probably already know how to check your recently opened files. Windows introduced this to increase the ease-of-use.
- This feature makes it convenient to add attachments to emails and upload on your blog. However, it also allows you to find out if someone has been accessing your files.
- If you’re unfamiliar with this, just open File Explorer and select This PC. Alternatively, you can press Windows key + E. Then, select Quick Access at the top left of the menu.
- This will give you a glimpse of what all has been opened. If there’s something you know you didn’t open, you can be sure that there has been suspicious activity.
- If someone has secretly tried to access your computer behind your back, they won’t come unprepared. It’s possible that the snooper will erase recent activity.
- However, you can still go to Quick Access > Options > Clear File Explorer History and see if something looks fishy. Recently deleted activity will be a sign that someone logged into your PC.
- In order to find out which files were opened, go back to File Explorer. Type “datemodified:” in the search bar at the top. You can refine your search with a date range.
- The feature is likely to be more useful if you select ‘today’ but it’s also possible to search for results from a year ago.
- There will be a list of files that have been accessed only if they were changed or modified. Check the list of items and look for modifications made when you weren’t using your PC.
Yes, it seems obvious that if someone were to snoop around on your PC, they would clear the browser history. However, it’s quite possible to forget this step in a hurry.
There’s a good chance that whoever accessed your computer, went on Google. Check your browser history. If there are other browsers on your computer, check their history too.
- The methods discussed so far were simple ways to identify suspicious logins. You can also dig deeper to look for evidence. If you use a Windows 10 Home, it will automatically audit logon events. This means that it will note down the time every time there’s a login.
- Look for Event Viewer on your computer and click on the app. Go to Windows Log> Security and you’ll find a long list of activities. It probably won’t make sense to you unless you’re familiar with Windows ID codes.
- Look out for “4624”, which is recorded as “Logon”. “4672” stands for “special logon”, which would be in conjunction with standard logon. This is indicative of admin login. “4634” will be recorded when an account logs off. You can further check individual logs for more details on which account signed in.
- While the Windows 10 Home version audits logon by default, the Pro version might need some configuration. Find the Group Editor Policy by searching for “gpedit”. Further, go to Computer Configuration> Windows Settings > Security Settings > Local Policies > Audit Policies > Logon Audits.
- You will be required to select Success or Failure for it to register unsuccessful login attempts. After all this, you can check audits via Event Viewer as mentioned above.