How do I tell if someone has been into my work computer?

I log off my computer when I leave for the weekend. I do not shut it off. If someone had my password and logged in, how could I tell? Is there a place where I can go and see when I logged in or out? Like I know I was not here during the weekend, but can I check if this machine was logged into at some time this weekend?

If you’re a local admin, you should be able to see it in Computer Management. Right-click on My Computer, select Manage, and go to the event logs, then the Security tab. This will show you all security entries against your machine during the life of the logs. Look specifically for logon/logoff entries.

It might be a bit cryptic, but it’s pretty accurate.

Why not just change your password? Though if an administrator (domain or local) logged in, they wouldn’t need YOUR password to see all files on the PC.

I assume your computer is running Windows of some sort?

Control Panel -> Administrative Tools -> Event Viewer
Look at the Security Events for logons and logon attempts.
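
The Security log check described in the replies above can also be run from PowerShell. This is an added example, not something posted in the thread; it assumes Windows Vista or later (event IDs 4624, 4625, 4634, 4647), an elevated prompt, logon auditing enabled, and placeholder dates for the weekend.

```powershell
# Added example: list logon/logoff activity recorded in the Security log
# for a chosen time window. Reading the Security log requires admin rights.
# 4624 = logon, 4625 = failed logon, 4634 / 4647 = logoff.
$start = Get-Date '2024-06-01 00:00'   # constructed placeholder: Saturday 00:00
$end   = Get-Date '2024-06-03 00:00'   # constructed placeholder: Monday 00:00

# Common logon type codes carried in the LogonType field
$logonTypes = @{
    2  = 'Interactive (console)'
    3  = 'Network (e.g. file share)'
    7  = 'Unlock'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive'
}

# Built-in account domains that generate routine, non-human logons
$noiseDomains = 'NT AUTHORITY', 'Window Manager', 'Font Driver Host'

$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625, 4634, 4647
    StartTime = $start
    EndTime   = $end
}

# A "No events were found" error here means nothing matched the window.
Get-WinEvent -FilterHashtable $filter | ForEach-Object {
    # Collect the named EventData fields from the event's XML
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Skip machine accounts (name ends in $) and built-in service logons
    if ($data['TargetUserName'] -like '*$') { return }
    if ($noiseDomains -contains $data['TargetDomainName']) { return }

    $type = [int]$data['LogonType']   # absent on 4647, which yields 0
    [pscustomobject]@{
        Time      = $_.TimeCreated
        EventId   = $_.Id
        User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType = if ($logonTypes.ContainsKey($type)) { $logonTypes[$type] } else { $type }
        Source    = $data['IpAddress']
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Rows in the window with a user or source you do not recognise are the ones to follow up on; an empty result only means no matching events are still in the log.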

I just don’t want people looking at my email…I am the admin, but there are some pretty keen folk around who could perhaps get into my machine.

Anyone with admin access can copy your mail data files to another system and examine them at their leisure.

cool. :rolleyes:
sh*t.

Out of every dozen eggs there has to be one bad seed among them. I’m only worried about one person in particular. Let’s say they do copy my files, can I use the event finder thing in my computer to see when they logged in and as who?

They could also access the contents of your computer’s hard drive from another system, if they have local admin rights (browsing to \\[yourcomputername]\c$). If they did that, I don’t believe there would be any entries in your computer’s security logs. But this won’t work if your mail is stored on an Exchange server.

The basic rule: You have NO particular expectation of privacy on a work computer.

You just have to hope that “regular” users like your co-workers have not managed to figure out your password. There’s simply no way to defend against anyone with administrative rights from accessing your files.

FWIW, I have admin rights to nearly every PC and server running Windows in the enterprise. Like most admins at any company, I’m far too busy with work to be casually poking around anyone’s stuff. If there’s something that’s being actively looked for, there are search tools that de-personalize the activity that are much faster and not susceptible to the human factor of taking a peek at something unrelated.

Gotcha - again, I’m not too concerned. I just wanted to know about people poking around this machine. There’s nothing especially earth shattering on it. Just wondering is all.

You can turn on auditing to monitor access to files stored on the local computer.