When is my account being used?


  1. karlsnooks
    Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       New #1

    When is my account being used?


    Ever have the situation where several people have your logon password AND something goes wrong AND everyone denies having logged on?

    Or would you simply like to when you logged on 2 days ago?

    Try out this little example which simply involves copying and pasting into powershell. Resutls placed on your desktop:

    Code:
    # Start copy with very next line; Copy thru 2nd EXIT
$events = Get-WinEvent -FilterHashtable @{logname='application'; id=4101; level=4} `
-verbose:$false -erroraction:silentlycontinue 
$events | format-table -property timecreated,message -auto -wrap `
> $env:userprofile\desktop\LOGONTIMES.txt

EXIT
EXIT

# Places LOGONTIMES.TXT on your DESKTOP
#
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | YES
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL + C, every line down thru both EXIT statements 
# PASTE into Powershell by right-clicking at the PowerShell Prompt
#  (Ctrl V does not work)
# ************************************************************
# OUTPUT  File LOGONTIMES.txt is placed on your DESKTOP
#
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#  Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#   Run PowerShell
#   enter following $host.version
#   you should see at least:
# Major  Minor  Build  Revision
# -----  -----  -----  --------
# 2      0      -1     -1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
#
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#   Run PowerShell
#   enter following without the #
#   Set-ExecutionPolicy -executionpolicy remotesigned
#
# ************************************************************
#
# ************************************************************
#
      My Computer
    Quote Quote

  3. seavixen32
    Posts : 7,730
    Windows 7 Ultimate SP1 64-Bit
       New #2

    Just tried it (I'm the only user).


    TimeCreated Message
    ----------- -------
    03/06/2012 09:23:32 Windows license validated.
    02/06/2012 10:49:22 Windows license validated.
    02/06/2012 09:10:56 Windows license validated.
    02/06/2012 07:43:01 Windows license validated.
    02/06/2012 00:59:40 Windows license validated.
    01/06/2012 18:56:33 Windows license validated.
    01/06/2012 18:27:56 Windows license validated.
    01/06/2012 16:22:10 Windows license validated.
    01/06/2012 09:09:34 Windows license validated.
    01/06/2012 08:03:32 Windows license validated.
    31/05/2012 15:14:26 Windows license validated.
    31/05/2012 12:22:42 Windows license validated.
    31/05/2012 07:21:07 Windows license validated.
    31/05/2012 00:55:29 Windows license validated.
    30/05/2012 11:32:48 Windows license validated.
    30/05/2012 07:23:53 Windows license validated.
    29/05/2012 20:18:50 Windows license validated.
    29/05/2012 20:16:46 Windows license validated.
    29/05/2012 09:22:07 Windows license validated.
    29/05/2012 03:45:10 Windows license validated.
    28/05/2012 17:29:16 Windows license validated.
    28/05/2012 12:53:07 Windows license validated.
    28/05/2012 07:20:01 Windows license validated.
    28/05/2012 07:06:52 Windows license validated.
    28/05/2012 00:25:11 Windows license validated.
    27/05/2012 11:03:16 Windows license validated.
    26/05/2012 22:49:24 Windows license validated.
    26/05/2012 15:16:04 Windows license validated.
    26/05/2012 13:02:28 Windows license validated.
    26/05/2012 08:36:00 Windows license validated.
    26/05/2012 02:26:12 Windows license validated.
    25/05/2012 07:24:44 Windows license validated.
    24/05/2012 09:05:09 Windows license validated.
    23/05/2012 11:09:29 Windows license validated.
    23/05/2012 10:57:18 Windows license validated.
    23/05/2012 10:41:53 Windows license validated.
    23/05/2012 10:39:49 Windows license validated.
    23/05/2012 10:38:40 Windows license validated.
    23/05/2012 06:30:14 Windows license validated.
    22/05/2012 20:29:28 Windows license validated.
    22/05/2012 08:53:44 Windows license validated.
    21/05/2012 23:37:31 Windows license validated.
    21/05/2012 23:20:23 Windows license validated.
    21/05/2012 07:11:43 Windows license validated.
    20/05/2012 10:39:12 Windows license validated.
    20/05/2012 10:03:29 Windows license validated.
    20/05/2012 03:15:56 Windows license validated.
    19/05/2012 22:48:10 Windows license validated.
    19/05/2012 14:23:31 Windows license validated.
    19/05/2012 06:30:30 Windows license validated.
    18/05/2012 07:13:51 Windows license validated.
    17/05/2012 10:31:34 Windows license validated.
    17/05/2012 09:42:51 Windows license validated.
    16/05/2012 23:09:32 Windows license validated.
    16/05/2012 16:54:59 Windows license validated.
    16/05/2012 15:28:05 Windows license validated.
    16/05/2012 10:12:45 Windows license validated.
    15/05/2012 21:24:04 Windows license validated.
    15/05/2012 11:29:39 Windows license validated.
    15/05/2012 03:30:15 Windows license validated.
    14/05/2012 15:11:58 Windows license validated.
    14/05/2012 08:03:24 Windows license validated.
    13/05/2012 23:39:25 Windows license validated.
    13/05/2012 14:38:47 Windows license validated.
    13/05/2012 09:33:05 Windows license validated.
    12/05/2012 23:38:04 Windows license validated.
    12/05/2012 18:02:39 Windows license validated.
    12/05/2012 14:08:37 Windows license validated.
    12/05/2012 12:26:57 Windows license validated.
    12/05/2012 09:40:55 Windows license validated.
    11/05/2012 23:00:48 Windows license validated.
    11/05/2012 22:35:01 Windows license validated.
    11/05/2012 17:15:05 Windows license validated.
    11/05/2012 10:27:03 Windows license validated.
    11/05/2012 08:52:13 Windows license validated.
    10/05/2012 21:20:44 Windows license validated.
    10/05/2012 07:43:45 Windows license validated.
    10/05/2012 07:20:09 Windows license validated.
    10/05/2012 06:25:53 Windows license validated.
    10/05/2012 00:54:27 Windows license validated.
    09/05/2012 23:06:14 Windows license validated.
    09/05/2012 22:30:13 Windows license validated.
    09/05/2012 16:56:44 Windows license validated.
    09/05/2012 07:04:08 Windows license validated.
    09/05/2012 00:00:11 Windows license validated.
    08/05/2012 18:53:34 Windows license validated.
    08/05/2012 18:51:07 Windows license validated.
    08/05/2012 11:53:45 Windows license validated.
    08/05/2012 11:21:42 Windows license validated.
    08/05/2012 09:56:05 Windows license validated.
    08/05/2012 02:54:46 Windows license validated.
    07/05/2012 10:33:01 Windows license validated.
    06/05/2012 09:05:19 Windows license validated.
    05/05/2012 23:04:21 Windows license validated.
    05/05/2012 22:45:33 Windows license validated.
    05/05/2012 22:36:46 Windows license validated.
    05/05/2012 21:52:00 Windows license validated.
    05/05/2012 17:06:57 Windows license validated.
    05/05/2012 16:50:23 Windows license validated.
    05/05/2012 16:36:21 Windows license validated.
    05/05/2012 16:29:25 Windows license validated.
    05/05/2012 16:11:41 Windows license validated.
    05/05/2012 16:02:03 Windows license validated.
    05/05/2012 15:53:53 Windows license validated.
      My Computer
    Quote Quote

  4. karlsnooks
    Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
    Thread Starter
       New #3

    That shows your log on times and also, part of the log on routine is to check if your windows version has been validated. This doesn't catch every thief in the woods, but is effective at catching the dumb thieves, that is, those who have never validated their Win 7 and not used one of the "better" illegal hacks.

    Also good for the college student who suspects that someone else in the dorm/dwelling has been using the computer.
      My Computer
    Quote Quote

  6. seavixen32
    Posts : 7,730
    Windows 7 Ultimate SP1 64-Bit
       New #4

    Anything that picks up on illegal software is fine by me.
      My Computer
    Quote Quote

  7. karlsnooks
    Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
    Thread Starter
       New #5

    Sometimes people overlook validating their Win 7 and then start having popup messages that they didn't expect and then I had the one chap whose 3-mo validation time for his illegal enterprise version was only two days from running out. After pointing out to him that his particular copy would need to be validated by the domain server, he disappeared from the landscape.
      My Computer
    Quote Quote

 

  Related Discussions
I'm the only user on this laptop and my admin account was called "HybridPC" and I disabled the windows login screen. (Turn computer on and goes right to desktop). One day the welcome screen popped up out of nowhere and I had to login. I tried disabling the login screen to where it was before and...
Hi, I basically had 3 accounts on my computer, one being "Administrator" (w Admin rights), one "test" (Standard User rights) and one more "User" that is the one I use most frequently (with Admin rights). When I last used it last Friday the User account was still present and all my programs were...
Hi everyone and merry Christmas! I followed the procedure found on the web, I entered "netplwiz" and did uncheck “Users must enter a user name and password to use this computer". There is no password set. THere is just one user/account which is obviously also the administrator. (the...
I am using Windows 7 Pro 64x and apparently the default user account (Owner) that I use is not working correctly. Unless I have UAC set to Never Notify, I cannot open Control Panel or UAC again. When I try, I get the error message listed below. I have created a second user account as Administrator...
I have a set of folder I encrypted from my user account. I haven't figured out how to access them from my admin account. In reverse, while logged on my admin account, I droppped some files into folder encrypted by my user account. I can't access those files when I log on as a user. How can I...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 15:19.
Find Us