In this guide, we list out the commands to check logged in users in Windows 10, both locally & remote options.
The Windows 10 users may like to find out who is logged into their computer. There are several methods to find out this. Follow any of these methods discussed below to use from your remote Windows 10 computer to find out users logged in. These methods benefit you to grant or prevent access to your PC by users.
Table of Contents
This method allows you to see the currently logged in users with the help of Task Manager.
Step-1: First, right-click on the taskbar and choose “Task Manager” to open the Task Manager.
(To see the active processes, you may need to click on the “More Details” button.)
Step-2: Finally, click the “Users” tab available at the upper part of the Task Manager. This will show you a list of presently logged in users as well as their status.
This method for finding out logged in users in your Windows 10 can be accomplished either locally or remotely:
Example: query user or query user USER1 /server:Server1 (see remotely)
query user /server:computername
(You need to replace “computername” with your system’s computer name.)
You will see the computer name or domain along with the username.
The “whoami” command shows the name of currently logged-in users on your Windows 10 computer. Follow the below steps to use this method:
WMIC /NODE:"computername" COMPUTERSYSTEM GET USERNAME
(In the above command, you have to replace “computername” by your system’s actual computer name you are querying. It is also possible to replace “computername” by the IP address of the system.)
On your Windows 10 computer, you can easily enable the “Auditing logon events” policy. This policy will allow you to track login attempts. These attempts will prove useful in many cases. They can help you find who is using your device without permission. Also, you can troubleshoot some problems.
Whenever this policy is enabled, the Windows 10 OS can effectively track local and network logins to make sure they are successful or not. Each event will comprise the account name as well as the time when the users logged in. Generally, this feature is allocated for organizations; however, anybody could use it provided they know the complete process.
In this Windows 10 guide, we’ll walk you through the steps to see when and who has signed into your device using Group Policy and the Event Viewer.
The working of the “Auditing logon events” policy is based on the Event Viewer which is a component of Microsoft Windows. This component allows the regular users and the administrators to view event logs either on a local machine or remote machine. This component utilizes event IDs to label uniquely identifiable events that a Windows 10 computer may encounter. It is known that the Event Viewer shows a log of application as well as system information messages. This component also shows errors and warnings. The errors and warnings are displayed even if your Windows 10 system is properly running.
This feature also proves to be helpful if you are troubleshooting a problem and want to have detailed information about the cause of the problem. You can easily look for events in various categories like “Application”, “Security”, and “System”.
If you are currently operating Windows 10 Pro, it is possible to use the Local Group Policy Editor. This will enable the “Audit logon events” policy in order to easily track success and feature sign-in attempts that took place on your device.
It is important to note that the Group Policy is not made available on Windows 10 Home. However, the login auditing for successful efforts shows up as enabled by default in this particular edition. In case you are currently running Windows 10 Home, it is fine if you skip the below steps and jump directly to the Event Viewer instructions.
Once you have completed the above steps, Windows 10 will automatically track every login effort to your device.
Note: If you don’t want to track logins on your PC, follow the same instructions but clear the Success and Failure options.
When using the Audit logon events policy, you can follow any of these two methods to see who logged into Windows 10:
After you have configured Windows 10 to the audit logon events, use the Event Viewer to know who signed into your system and the time when it happened. Follow the below steps:
Note: In the event log, there is lots of information, but you can just have a look at the Logged section to know when the event happened. Moreover, inside the “General” tab, look under “New Logon” to get the details of the account that was assigned permission to your computer.
The “Security” page keeps a record of several login attempts. So, you may have to browse certain events until you get the information you want. The speed of this process can be increased with the use of the Event Viewer filter feature. This feature helps to create a custom view to view only the login attempts. Follow the below steps:
Once you completely follow any of these methods, you can easily find out who logged into your Windows 10. You can also know the time they logged in. These methods easily retrieve the needful information and make sure there is nobody accessing your device without your permission.
Comments are closed.