WindowsWindows 10 Commands to Check Logged in Users in Windows 10 Locally & Remotely April 6, 2020964 views0 Share By IG Share In this guide, we list out the commands to check logged in users in Windows 10, both locally & remote options. The Windows 10 users may like to find out who is logged into their computer. There are several methods to find out this. Follow any of these methods discussed below to use from your remote Windows 10 computer to find out users logged in. These methods benefit you to grant or prevent access to your PC by users. Table of Contents Toggle Commands to Check Logged in Users in Windows 10:Method-1: Using Task ManagerMethod-2: Using Query CommandMethod-4: Using WMICThe Auditing logon events policy to check logged in users in Windows 10:How does it work?How to enable logon auditing policy on your Windows 10 computer?Follow the below steps to enable logon auditing policy:Method-1: Using Event Viewer Method-2: Using filtersConcluding Note:More Resources: Commands to Check Logged in Users in Windows 10: Method-1: Using Task Manager This method allows you to see the currently logged in users with the help of Task Manager. Step-1: First, right-click on the taskbar and choose “Task Manager” to open the Task Manager. (To see the active processes, you may need to click on the “More Details” button.) Step-2: Finally, click the “Users” tab available at the upper part of the Task Manager. This will show you a list of presently logged in users as well as their status. Method-2: Using Query Command This method for finding out logged in users in your Windows 10 can be accomplished either locally or remotely: Locally: Step-1: First of all, hold down the Windows Key and then press the “R” key to open the Run window. Step-2: Now you must type “CMD” and hit “Enter” to launch a command prompt. Step-3: In the command prompt, you must type “query user” and hit “Enter”. You will see the computer name or domain along with the username displayed on the screen. The list will mention all the users who are currently logged on your computer. Example: query user or query user USER1 /server:Server1 (see remotely) Remotely: Step-1: Firstly, hold down the Windows Key and press the “R” key to open the Run window. Step-2: In this step, you have to type “CMD” and hit “Enter” to launch a command prompt. Step-3: In the window of the command prompt, you have to type the following command and hit “Enter”: query user /server:computername (You need to replace “computername” with your system’s computer name.) You will see the computer name or domain along with the username. Method-3: Using WhoAmI Command The “whoami” command shows the name of currently logged-in users on your Windows 10 computer. Follow the below steps to use this method: Step-1: As a first step, hold down the Windows Key and press the “R” key to launch the Run window. Step-2: Now you need to type “CMD” and hit “Enter” to launch a command prompt. Step-3: In the window of the command prompt, you have to type the command “whoami” and hit “Enter”. Finally, you will see the domain name or computer name followed by the username. Method-4: Using WMIC Step-1: As the first step, hold down the Windows Key and then press the “R” key to open up the Run window. Step-2: You need to type the command “CMD” and hit “Enter”. This will open a command prompt. Step-3: In the window of the command prompt, you have to type the following command and press “Enter”: WMIC /NODE:"computername" COMPUTERSYSTEM GET USERNAME (In the above command, you have to replace “computername” by your system’s actual computer name you are querying. It is also possible to replace “computername” by the IP address of the system.) The Auditing logon events policy to check logged in users in Windows 10: On your Windows 10 computer, you can easily enable the “Auditing logon events” policy. This policy will allow you to track login attempts. These attempts will prove useful in many cases. They can help you find who is using your device without permission. Also, you can troubleshoot some problems. Whenever this policy is enabled, the Windows 10 OS can effectively track local and network logins to make sure they are successful or not. Each event will comprise the account name as well as the time when the users logged in. Generally, this feature is allocated for organizations; however, anybody could use it provided they know the complete process. In this Windows 10 guide, we’ll walk you through the steps to see when and who has signed into your device using Group Policy and the Event Viewer. How does it work? The working of the “Auditing logon events” policy is based on the Event Viewer which is a component of Microsoft Windows. This component allows the regular users and the administrators to view event logs either on a local machine or remote machine. This component utilizes event IDs to label uniquely identifiable events that a Windows 10 computer may encounter. It is known that the Event Viewer shows a log of application as well as system information messages. This component also shows errors and warnings. The errors and warnings are displayed even if your Windows 10 system is properly running. This feature also proves to be helpful if you are troubleshooting a problem and want to have detailed information about the cause of the problem. You can easily look for events in various categories like “Application”, “Security”, and “System”. How to enable logon auditing policy on your Windows 10 computer? If you are currently operating Windows 10 Pro, it is possible to use the Local Group Policy Editor. This will enable the “Audit logon events” policy in order to easily track success and feature sign-in attempts that took place on your device. It is important to note that the Group Policy is not made available on Windows 10 Home. However, the login auditing for successful efforts shows up as enabled by default in this particular edition. In case you are currently running Windows 10 Home, it is fine if you skip the below steps and jump directly to the Event Viewer instructions. Follow the below steps to enable logon auditing policy: Step-1: With the help of the Windows key + R keyboard shortcut, launch the Run command. In this step, you need to type “gpedit.msc” and hit “OK” to launch the Local Group Policy Editor. Step-2: Now you need to follow this path: Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy Step-3: Now on the right side, you need to double-click the Audit logon events policy. Step-4: Check for the “Success” and “Failure” options. Step-5: Now click on “Apply” and then click on “OK”. Once you have completed the above steps, Windows 10 will automatically track every login effort to your device. Note: If you don’t want to track logins on your PC, follow the same instructions but clear the Success and Failure options. When using the Audit logon events policy, you can follow any of these two methods to see who logged into Windows 10: Method-1: Using Event Viewer After you have configured Windows 10 to the audit logon events, use the Event Viewer to know who signed into your system and the time when it happened. Follow the below steps: Step-1: Open Start. Step-2: Now search for Event Viewer and then click the top result. Step-3: In this step, you have to browse the following path: Event Viewer > Windows Logs > Security Step-4: Now you have to double-click the event using the 4624 ID number. This suggests a successful sign-in event. Note: In the event log, there is lots of information, but you can just have a look at the Logged section to know when the event happened. Moreover, inside the “General” tab, look under “New Logon” to get the details of the account that was assigned permission to your computer. Method-2: Using filters The “Security” page keeps a record of several login attempts. So, you may have to browse certain events until you get the information you want. The speed of this process can be increased with the use of the Event Viewer filter feature. This feature helps to create a custom view to view only the login attempts. Follow the below steps: Step-1: Firstly, right-click on “Custom Views” Step-2: Choose the “Create Custom View” option. Step-3: From the logged drop-down menu, choose a specific time range you need. Step-4: In this step, check the “By log” option. Step-5: From the “Event logs” drop-down menu, select Security under the “Windows Logs”. Step-6: Now, in the “All Event IDs” field, you need to type “4624”. Step-7: Finally, click on “OK”. Concluding Note: Once you completely follow any of these methods, you can easily find out who logged into your Windows 10. You can also know the time they logged in. These methods easily retrieve the needful information and make sure there is nobody accessing your device without your permission. More Resources: How to Permanently Disable App Notifications in Windows 10? How to Fix Windows 10 disk usage 100% How to Fix Windows 10 1903 error 0x8000ffff 0xc80003f3 and 0x80d02002 Windows Logon Scenarios – External Disclaimer: The Questions and Answers provided on https://www.gigxp.com are for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Share What's your reaction? Excited 0 Happy 0 In Love 0 Not Sure 0 Silly 1 IG Website Twitter
Interview Questions How to open a folder from Windows Explorer in Command Prompt under Windows 10 with a shortcut? For Windows power users, the ‘Command Prompt’ is one of the extended options you would ...
Windows How to Resolve In-place Upgrade from Windows Server 2016 to 2019? When you need to keep the same hardware and all the server roles which you ...
Windows How to Fix Windows Server 2019 error 0x87e10bc6 – Activation Errors Once you purchase your Windows Server 2019 edition, you need to activate it. The actual ...
Windows How to Enable or Disable Disk Write Protection in Windows 10? Quick fix! There are cases where you would find that your Windows 10 sends out messages that ...
