Are there any programs that save to the file on the desktop all failed login attempts with a timestamp accurate to the second?

This is necessary to detect attempts to sit at my computer during my absence.

    2 answers 2

    In theory, this is done using the built-in audit system .

    Start the policy editor ( Win + R , gpedit.msc ), go to Конфигурация компьютера\Конфигурация Windows\Параметры безопасности\Локальные политики\Политика аудита\ . Select Аудит событий входа в систему .

    Audit

    Double click on this item opens a window where you can enable / disable logging of successful and unsuccessful login attempts:

    setting window

    Repeat the same for the item Аудит входа в систему (this is not the same thing).

    To view the log of login attempts, run Event Viewer ( Win + R , eventvwr.msc ) and find your event there in Журналы Windows\Безопасность\ . For example, a user login event is 4648, exit is 4647.

    • This is all well and good, but I wanted to find out something else ...))) - komra23
    • @May_be: Edited the answer, changed the "Audit login" to "Audit login events." - VladD
    • one
      @May_be: This is a ready built-in tool. Everything else is not clear how to properly embed. If you want, you can write a more convenient event viewer :) - VladD

    Plus to the answer @VladD:

    On versions of Windows that do not support work in the domain (below the Professional level), the gpedit.exe management gpedit.exe and group policies are not available. For the version of Win7 and above (there are no older ones at hand, you will have to check it yourself if needed), instead of gpedit.exe , security templates are used. You can reach them as follows: run mmc.exe -> File -> Add Snap-in -> Security Templates -> add -> Ok. We create a new template and set up auditing, as in response to @VladD.

    UPD
    I forgot to write about how to apply the created template. Correct.

    To do this, you need the Analysis and Security Configuration snap-in. It is added to the console in the same way as the previous one. Work with this equipment is described in detail here .
    In short:
    1. Create or open a security policy database . When creating a new database, you need to specify the template file created earlier.
    2. Analysis of the computer ... - compare the template settings with the current active and make the necessary changes.
    3. Setting up the computer ... - apply the changed settings.

    For those unfamiliar with MMC - actions with this snap-in are performed using the context menu by right-clicking on the snap-in name in the console tree on the left.

    In addition to the fact that the system audit normally works out of the box, you can configure triggers in the system task scheduler to trigger on certain events of any system log, including the audit log. And here you can already register the launch of its program, which should respond to the event.

    For advertising: explore the capabilities of MMC and the snap-ins available in your version of Windows. This will greatly simplify the management of Windows settings without having to climb your hands on the registry and pray that the author of the recipe didn’t mess up anything, you wrote everything correctly and the system would not turn into a pumpkin after a reboot. Although the chance of the latter remains always, so the most powerful controls, such as group policies, are not available in home versions.