Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.
You can take precautions against others using your PC, but sometimes, you don’t think it’s necessary. You can trust your family and friends. And the people you work with won’t snoop on your online activities.
Yet things aren’t right. Your laptop isn’t where you left. Your desk is a mess.
Has someone secretly used your PC? What have they been looking at? Nearly everything you do leaves some kind of trace on a computer. You just need to know where to go in order to find that evidence.
Knowing where to start can drastically reduce the amount of time it takes to find the culprit. Here’s how you can tell if someone logged into your computer without your permission.
1. Check Recent Activities
You should already know how to look at recently opened files. Windows introduced this as an easy way to go back to whatever you’ve been working on or looking at. It’s especially handy if you’re adding an attachment to an email or uploading to a blog. But you can also use this feature to check if someone else has been accessing your files.
Just head to the File Explorer by either opening Documents, This PC, or pressing Windows key + E. At the top left of the menu, click on Quick access. You’ll be able to see what’s been opened, so look for anything you haven’t accessed yourself.
Alternatively, you can check files opened in individual apps. If you think someone’s snooped on a PowerPoint presentation you made, check Recent in that program.
2. Check Recently Modified Files
However, anyone can wipe recent activity from your machine. Just left click on Quick access > Options > Clear File Explorer History. If your recent activity has been deleted, this is at least a sign that someone has used your PC. But how can you tell what folders they’ve opened?
Navigate back to File Explorer then type “datemodified:” into the search field at the top right. You can refine by a date range. It’s probably most useful if you click on Today, but you can go back a whole year too.
You’ll see a list of files that have been accessed—as long as something was changed. Let’s hope you’re lucky enough that your PC automatically saved an item while the snooper was at work. Check the times listed and narrow down when you were away from your device.
3. Check Your Browser History
Okay, everyone knows you can easily delete your browsing history. But if someone used your PC in a hurry, they might’ve forgotten this step.
Google Chrome has the biggest market share, so it’s most likely that whoever went on your computer used that. Click on the vertical ellipsis in the top right corner then History and see if anything’s amiss.
Don’t rule out other browsers though. If your PC has Edge, go to the ellipsis then Favorites > History. You can use a similar method if you still have Internet Explorer installed. Firefox users should click on the menu, followed by History > Show All History.
4. Check Windows 10 Logon Events
You want to know if someone else has accessed your PC, but the simple methods are yet to bear fruit. Fortunately, you can delve deeper into your computer for further evidence.
Windows 10 Home automatically audits logon events—meaning it takes a note of every time you log into your device. So how can you check it? And once you’ve found the log, how can you interpret any meaning from it?
Search for Event Viewer and click on the app. Go to Windows Log > Security. You’ll see a long list of activities, most of which won’t make much sense to you unless you know Windows ID codes well.
The one you need to look out for is “4624”, which records as a “Logon”. “4672” means “Special Logon”, which you might see in conjunction with a standard logon. This indicates an administrative login. “4634” will be listed when an account logs off your PC.
It might be difficult to spot these codes, but you can narrow it down by using the Find… feature in the Actions menu to the right.
If you know a time you were away from your computer, you can either scroll through the log or use Filters. Go to Actions > Filter Current Log then use the dropdown menu under Logged.
Click on any individual log to find out more details, including which account signed in. This is useful if you think someone has used your PC but not your system.
How to Enable Logon Auditing on Windows 10 Pro
The Home version of Windows 10 audits logons by default. However, the Pro version could require some tinkering.
Access the Group Policy Editor by searching for “gpedit”. Next, go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy > Logon Audits. You need to select Success and Failure in order for it to register successful and unsuccessful login attempts.
After you’ve done this, you can check the audits for future reference by using the aforementioned method via Event Viewer.
How to Stop Others Using Your Computer
How can you stop others accessing your PC? Firstly, you can ask. You might be questioned about why it bothers you, but if it’s your own property, it’s your right.
The most important thing is to create a strong password for your account. Make sure it’s not predictable. Don’t write it down anywhere. And whenever you leave your desk, press Windows key + L. It’s one of the best ways to lock your PC and make certain no one can snoop on your activities.
Image Credit: undrey/Depositphotos