In this guide, we list the commands to check logged in users in Windows 10, both locally and remotely.
Windows 10 users may want to find out who is logged in to their computer. There are several ways to do this. Follow any of the methods discussed below to find out which users are logged in, including from a remote Windows 10 computer. Knowing who is logged in helps you grant or prevent access to your PC.
Commands to Check Logged in Users in Windows 10:
Method-1: Using Task Manager
This method allows you to see the currently logged in users with the help of Task Manager.
Step-1: First, right-click on the taskbar and choose “Task Manager” to open the Task Manager.
(To see the active processes, you may need to click on the “More Details” button.)
Step-2: Finally, click the “Users” tab available at the upper part of the Task Manager. This will show you a list of presently logged in users as well as their status.
Method-2: Using Query Command
This method for finding the users logged in to your Windows 10 computer works either locally or remotely. To check the local computer:
- Step-1: First of all, hold down the Windows Key and then press the “R” key to open the Run window.
- Step-2: Now you must type “CMD” and hit “Enter” to launch a command prompt.
- Step-3: In the command prompt, type “query user” and hit “Enter”. You will see the computer name or domain along with the username displayed on the screen. The list shows all the users who are currently logged on to your computer.
Example: “query user” for the local computer, or “query user USER1 /server:Server1” to query a remote one.
To check a remote computer:
- Step-1: Firstly, hold down the Windows Key and press the “R” key to open the Run window.
- Step-2: In this step, you have to type “CMD” and hit “Enter” to launch a command prompt.
- Step-3: In the window of the command prompt, you have to type the following command and hit “Enter”:
query user /server:computername
(You need to replace “computername” with your system’s computer name.)
You will see the computer name or domain along with the username.
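As an added example (not from the original guide), the PowerShell function below turns the text printed by “query user” into objects so the result can be filtered or logged. The function name ConvertFrom-QueryUser and the sample lines are made up for illustration, and it assumes user names contain no spaces.

```powershell
# Added example: parse the text printed by "query user" into objects.
function ConvertFrom-QueryUser {
    param([string[]]$Lines)

    # Columns: marker, user, optional session name, ID, state, idle time, logon time.
    # The session name is blank for a disconnected session, so it is optional here.
    # Assumption: user names contain no spaces.
    $pattern = '^(?<cur>[ >])(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+' +
               '(?<state>\S+)\s+(?<idle>\S+)\s+(?<logon>.+)$'

    foreach ($line in $Lines | Select-Object -Skip 1) {   # skip the header row
        if ($line -notmatch $pattern) { continue }
        [pscustomobject]@{
            UserName    = $Matches['user']
            SessionName = $Matches['session']   # $null when the column is blank
            Id          = [int]$Matches['id']
            State       = $Matches['state']     # e.g. Active or Disc (disconnected)
            IdleTime    = $Matches['idle']
            LogonTime   = $Matches['logon'].Trim()
            IsCurrent   = $Matches['cur'] -eq '>'   # '>' marks your own session
        }
    }
}

# Constructed sample output (not captured from a real host).
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>alice                 console             1  Active      none   3/14/2024 9:02 AM'
    ' bob                                       2  Disc        1:15   3/14/2024 8:40 AM'
    ' carol                 rdp-tcp#4           3  Active         .   3/14/2024 9:30 AM'
)

# Disconnected sessions are still logged in; list them separately.
ConvertFrom-QueryUser $sample | Where-Object State -eq 'Disc' | Format-Table

# Live use, with the placeholder host name from the example above:
# ConvertFrom-QueryUser (query user /server:Server1)
```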
Method-3: Using WhoAmI Command
The “whoami” command shows the name of the user currently logged in to your Windows 10 computer. Follow the below steps to use this method:
- Step-1: As a first step, hold down the Windows Key and press the “R” key to launch the Run window.
- Step-2: Now you need to type “CMD” and hit “Enter” to launch a command prompt.
- Step-3: In the command prompt window, type the command “whoami” and hit “Enter”. You will see the domain name or computer name followed by the username.
Method-4: Using WMIC
- Step-1: As the first step, hold down the Windows Key and then press the “R” key to open up the Run window.
- Step-2: You need to type the command “CMD” and hit “Enter”. This will open a command prompt.
- Step-3: In the window of the command prompt, you have to type the following command and press “Enter”:
WMIC /NODE:"computername" COMPUTERSYSTEM GET USERNAME
(In the above command, replace “computername” with the actual computer name of the system you are querying. You can also replace “computername” with the IP address of the system.)
The “Audit logon events” policy to check logged in users in Windows 10:
On your Windows 10 computer, you can easily enable the “Audit logon events” policy. This policy allows you to track login attempts, which is useful in many cases: it can help you find who is using your device without permission, and it can help you troubleshoot some problems.
Whenever this policy is enabled, Windows 10 tracks local and network logins and records whether they were successful or not. Each event includes the account name as well as the time when the user logged in. Generally, this feature is intended for organizations; however, anybody can use it provided they know the complete process.
In this Windows 10 guide, we’ll walk you through the steps to see when and who has signed into your device using Group Policy and the Event Viewer.
How does it work?
The “Audit logon events” policy relies on the Event Viewer, a component of Microsoft Windows that lets regular users and administrators view event logs on either a local or a remote machine. It uses event IDs to uniquely label the events that a Windows 10 computer may encounter. The Event Viewer shows a log of application and system information messages, as well as errors and warnings, which are displayed even when your Windows 10 system is running properly.
This feature also proves to be helpful if you are troubleshooting a problem and want to have detailed information about the cause of the problem. You can easily look for events in various categories like “Application”, “Security”, and “System”.
How to enable logon auditing policy on your Windows 10 computer?
If you are running Windows 10 Pro, you can use the Local Group Policy Editor to enable the “Audit logon events” policy and track the successful and failed sign-in attempts that take place on your device.
It is important to note that Group Policy is not available on Windows 10 Home. However, login auditing for successful attempts is enabled by default in that edition. If you are running Windows 10 Home, you can skip the steps below and jump directly to the Event Viewer instructions.
Follow the below steps to enable logon auditing policy:
- Step-1: Use the Windows key + R keyboard shortcut to launch the Run command, then type “gpedit.msc” and hit “OK” to launch the Local Group Policy Editor.
- Step-2: Now you need to follow this path:
- Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy
- Step-3: Now on the right side, double-click the “Audit logon events” policy.
- Step-4: Check the “Success” and “Failure” options.
- Step-5: Now click on “Apply” and then click on “OK”.
Once you have completed the above steps, Windows 10 will automatically track every login attempt on your device.
Note: If you don’t want to track logins on your PC, follow the same instructions but clear the Success and Failure options.
When using the “Audit logon events” policy, you can follow either of these two methods to see who logged into Windows 10:
Method-1: Using Event Viewer
After you have configured Windows 10 to audit logon events, use the Event Viewer to find out who signed into your system and when it happened. Follow the below steps:
- Step-1: Open Start.
- Step-2: Now search for Event Viewer and then click the top result.
- Step-3: In this step, you have to browse the following path:
- Event Viewer > Windows Logs > Security
- Step-4: Now double-click an event with the ID number 4624. This ID indicates a successful sign-in event.
Note: The event log contains a lot of information, but you can just look at the “Logged” field to see when the event happened. Inside the “General” tab, look under “New Logon” to get the details of the account that was granted access to your computer.
Method-2: Using filters
The “Security” page keeps a record of many login attempts, so you may have to browse through a number of events before you find the information you want. You can speed this up with the Event Viewer filter feature, which creates a custom view that shows only the login attempts. Follow the below steps:
- Step-1: Firstly, right-click on “Custom Views”.
- Step-2: Choose the “Create Custom View” option.
- Step-3: From the “Logged” drop-down menu, choose the time range you need.
- Step-4: In this step, check the “By log” option.
- Step-5: From the “Event logs” drop-down menu, select Security under the “Windows Logs”.
- Step-6: Now, in the “All Event IDs” field, you need to type “4624”.
- Step-7: Finally, click on “OK”.
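The same 4624 filter can be run from PowerShell. This is an added example, not part of the original guide; the function name Get-LogonEvent is made up here, while Get-WinEvent and the event fields it reads (TargetDomainName, TargetUserName, LogonType, IpAddress) are the standard ones for this event.

```powershell
# Added example (not from the original page). Run from an elevated prompt:
# reading the Security log requires administrator rights.
$logonTypes = @{          # LogonType values recorded in event 4624
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function Get-LogonEvent {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),   # the "Logged" time range
        [int[]]$Id = 4624                            # the "Event IDs" field
    )
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $Since } |
        ForEach-Object {
            # Named fields live in the event XML under EventData/Data.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = $logonTypes[[int]$data['LogonType']]
                SourceIp  = $data['IpAddress']
            }
        }
}

# People at the keyboard or over Remote Desktop; drops machine accounts (name
# ends in $) and the built-in DWM-n / UMFD-n desktop accounts.
Get-LogonEvent |
    Where-Object {
        $_.LogonType -in 'Interactive', 'RemoteInteractive', 'Unlock', 'CachedInteractive' -and
        $_.Account -notmatch '\$$|^(Window Manager|Font Driver Host)\\'
    } |
    Format-Table -AutoSize

# Failed attempts (recorded when the "Failure" option is ticked) use event ID 4625,
# which the page does not mention: Get-LogonEvent -Id 4625
```

Most 4624 entries on a typical machine are service and network logons, so filtering on the logon type is what makes the list readable.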
Once you have followed any of these methods, you can easily find out who logged into your Windows 10 computer and the time they logged in. These methods retrieve the needed information and help you make sure nobody is accessing your device without your permission.