How to Check Computer History
==============================
A computer with multiple users may want to be monitored by an administrator or its owner for computer activities. Monitoring helps in determining whether a malicious or potentially unwanted file or program has been downloaded into the system without the main user’s knowledge. It may also help parents to monitor their children’s computer activities.
Materials Needed:
- Computer
- Windows XP Pro or Later
Step 1
There is a simple way to check computer history without having to download additional programs into the system. The first step is to access the Control Panel through the My Computer folder or the 'Start' button.
Step 2
Next, click on 'Administrative Tools'.
Step 3
There should be a link to a program called Event Viewer. Double click this link.
Step 4
The Event Viewer window will execute. Double-clicking on any of the events from any of the categories (Application, Security, System, Internet Explorer, Microsoft Office Diagnostics, and Microsoft Office Sessions) will show an Event Log. The Event Logs are usually technical events happening on the computer.
Step 5
Checking the date when a file was last accessed or modified is possible by highlighting the file and checking its properties on the Explorer window. This method is highly unreliable because right-clicking on the file and accessing Properties is considered by the system as an access to the file. It therefore modifies the access date to the time its properties were viewed. There are other methods to view the date and time a file was last accessed but these methods are also unreliable.
Step 6
If using Windows XP Pro, there is a more reliable way to check computer history. This can be done through the Auditor. To enable the Auditor, log on to the computer as an administrator.
Step 7
Create a system restore point. This can come in handy when fatal errors have been made in the process.
Step 8
Disable simple file-sharing. This can be done by clicking the 'Tools' menu on each of the shared folders. Click 'Folder Options' from the Tools menu, and then click 'View'.
Step 9
Press the 'Start' button and click on the 'Run' file. Type in 'gpedit.msc'. This opens the Group Policy Window.
Step 10
Access the 'Audit Policy' through Computer Configuration, then 'Windows Settings', then 'Security Settings', then 'Local Policies', and finally 'Audit Policy'.
Step 11
Double-click on 'Audit Object Access' and check the 'Success' check box in the Properties tab. Click 'OK'.
Step 12
Go to a folder that you want to keep track. Right click on this folder, go to 'Properties', access the 'Security' tab, and click the 'Advanced' button. An Advanced Security Settings window should appear. Go to the Auditing tab. Click 'Add'.
Step 13
Type in the word 'everyone' in the box under the 'Enter the object name to select' dialogue. Click 'Check Names'. This checks whether you have entered a valid name. Click 'OK'.
Step 14
An Auditing Entry dialog windows should appear. Choose the folders you want audited. Click 'OK' on all the dialog windows.
==============================
A computer with multiple users may want to be monitored by an administrator or its owner for computer activities. Monitoring helps in determining whether a malicious or potentially unwanted file or program has been downloaded into the system without the main user’s knowledge. It may also help parents to monitor their children’s computer activities.
Materials Needed:
- Computer
- Windows XP Pro or Later
Step 1
There is a simple way to check computer history without having to download additional programs into the system. The first step is to access the Control Panel through the My Computer folder or the 'Start' button.
Step 2
Next, click on 'Administrative Tools'.
Step 3
There should be a link to a program called Event Viewer. Double click this link.
Step 4
The Event Viewer window will execute. Double-clicking on any of the events from any of the categories (Application, Security, System, Internet Explorer, Microsoft Office Diagnostics, and Microsoft Office Sessions) will show an Event Log. The Event Logs are usually technical events happening on the computer.
Step 5
Checking the date when a file was last accessed or modified is possible by highlighting the file and checking its properties on the Explorer window. This method is highly unreliable because right-clicking on the file and accessing Properties is considered by the system as an access to the file. It therefore modifies the access date to the time its properties were viewed. There are other methods to view the date and time a file was last accessed but these methods are also unreliable.
Step 6
If using Windows XP Pro, there is a more reliable way to check computer history. This can be done through the Auditor. To enable the Auditor, log on to the computer as an administrator.
Step 7
Create a system restore point. This can come in handy when fatal errors have been made in the process.
Step 8
Disable simple file-sharing. This can be done by clicking the 'Tools' menu on each of the shared folders. Click 'Folder Options' from the Tools menu, and then click 'View'.
Step 9
Press the 'Start' button and click on the 'Run' file. Type in 'gpedit.msc'. This opens the Group Policy Window.
Step 10
Access the 'Audit Policy' through Computer Configuration, then 'Windows Settings', then 'Security Settings', then 'Local Policies', and finally 'Audit Policy'.
Step 11
Double-click on 'Audit Object Access' and check the 'Success' check box in the Properties tab. Click 'OK'.
Step 12
Go to a folder that you want to keep track. Right click on this folder, go to 'Properties', access the 'Security' tab, and click the 'Advanced' button. An Advanced Security Settings window should appear. Go to the Auditing tab. Click 'Add'.
Step 13
Type in the word 'everyone' in the box under the 'Enter the object name to select' dialogue. Click 'Check Names'. This checks whether you have entered a valid name. Click 'OK'.
Step 14
An Auditing Entry dialog windows should appear. Choose the folders you want audited. Click 'OK' on all the dialog windows.
Comments
Post a Comment