How to configure login event auditing?

The Windows operating system allows you to monitor all the activities that take place on a PC. It is even possible to log successful and/or failed logins and delete a user account if necessary. Therefore, you must know how to enable event auditing at logon with Windows 10. This tutorial shows you all the steps to achieve it.

Index( )

  1. What are the benefits of configuring event auditing?
    1. account security
    2. Login control
    3. Notice of failed entries to your account
  2. How to configure login event auditing?
  3. Where to view my recent activity with Windows 10?
  4. How to use your event viewer in Windows?

What are the benefits of configuring event auditing?

There are multiple benefits you can get from configuring event auditing. In this regard, it is possible to add a higher level of account security or receive a notice of failed entries to your account. In this sense, a user can know if someone has accessed and used his PC .

account security

The event authoring configuration allows you to have an account security log . In this regard, logon events are generated when a user attempts to authenticate on a local computer. Therefore, the event is saved in the local security log. It is important to mention that no events are created when a user logs out.

Login control

Enabling event auditing allows for login control. In this way, the operating system will record all entries made on a computer. These types of logs are stored on the device for viewing in an action viewer that only works on the professional version of Windows.

Notice of failed entries to your account

It is possible to specify if you want to get a notice of failed logins to your account . To do this, you’ll need to define policy settings. Therefore, an audit entry is produced each time an error occurs when logging on to a Windows computer .

How to configure login event auditing?

Auditing of login events can be configured . To achieve this, you will need to open the Windows Control Panel and select the ‘System and Security’ section. Click on ‘Administrative Tools’ and select the ‘Local Policies’ folder. Next, tap the ‘Audit Policy’ folder.

Following this order of ideas, you will see a series of directives in the right area of ​​the window. Locate the ‘Audit logon events’ option and right-click on it. Then, click ‘Properties’ and check the ‘Failed’ box to have all errors logged on every login attempt .

Also, you can check the ‘OK’ box if you want logs of successful logins to be stored . Once you complete this step, click ‘OK’ for the changes to take effect. The ‘Audited’ setting will now be displayed next to the ‘Audit logon events’ policy. This means that the attribute has been enabled.

Where to view my recent activity with Windows 10?

Recent activity with Windows 10 can be viewed from the event viewer. In case you don’t know, Event Viewer is a setting option or administrative tool. It allows access to all logs including application usage , installation, security, and system.

How to use your event viewer in Windows?

Windows provides information about the date and time an event is registered, its origin, an id and the category to which it belongs. It is even possible to use the event viewer in Windows to carry out different actions. In this regard, users can create custom views , open saved records, and filter particular records.

Also, from the event viewer, we can view the properties of each event , search for specific records and attach tasks. In fact, the system allows you to copy selected event files or empty logs. You just have to click on Windows Logs and select a category to see the details of the events.

The details of each event will give you more clarity about the activities that are running on your PC. Sometimes, you will find that the system is logging errors and warnings. In such cases, it is convenient that you take the Id or code of the error and the specifications about the origin. In this way, you will be able to find a solution in this regard.


Leave a Comment