There are logs of people logging in in the event viewer. It is at Start > Administrative Tools > Event Viewer.
If you don't see Administrative Tools, then you need to right click on the Start button > Properties > Start menu customize. And enable "System Administrative Tasks" near the bottom of the scroll list. ( Mine is a Vista box, the wording might be a little different on XP )
Then you look for these Event IDs ( for Vista) :
4624,4636 for all logins.
4672 for admin logins
For XP, the Event IDs are :
528/540 for all login
576 for admin logins
However, if they are logging in as admins, they can erase the security log.
Last edited by lunarlander : 29-Dec-2008 07:35 PM.
|