Is someone snooping on you?
There are several ways to ferret out if someone has been sleuthing around your computer
- Published 31.03.19, 5:05 PM
- Updated 31.03.19, 5:05 PM
- 3 mins read
Peeping Toms are an irritation in real life and more so those who peek into your computer when you are not around.
There are several ways to ferret out if someone has been sleuthing around your computer. On a common PC at a workplace, you can find out who has been checking your files. Or you can check if someone has physically or remotely accessed your computer.
The first and easiest step is to check the recently closed files. Recent updates on Windows 10 have made this step very easy. Just press the Windows key and E simultaneously. This will launch the File Explorer and take you straight to the Quick Access page where all the files that have been opened and closed recently are displayed. If this does not show up, go to File Explorer—View—Options and under Privacy put a tick mark next to ‘Show recently used files in Quick Access’.
Another Windows feature makes it easy to check files opened in individual apps. Click on the search icon near the Start button and type the name of the app you want. Say you want PowerPoint. And straight away all things related to PowerPoint will pop up. If you cannot remember what you have named a file or suspect someone has been prying into your files this is a quick way to find out.
You can delete your browsing history in File Explorer by following the path Quick Access—Options and ‘Clear File Explorer history'. Supposing your Peeping Tom has wiped out your recent activity from your computer, this by itself is an indicator that someone has been fiddling around with your machine. You can even detect what folders they have opened. Go to File Explorer and type datemodified: in the search bar on the top right. You can give a date range by clicking on ‘Today’ or a ‘Year back’. You will see a list of files that have been accessed provided something has changed. From there you can narrow down your search to the time when you were away from your computer and yet files were opened.
If you suspect that your computer has been hacked and someone else is logging on to your computer at the same time as you are, press the Windows logo key and R together. This will open the Run box. Type cmd and press Enter. When the Command Prompt window opens, type query user and press Enter. It will list all users that are currently logged on to your computer.
Windows 10 can record local and network logins and whether they are successful or not. It keeps track of the account name that logged in and the time. On Windows 10 Pro this has to be enabled in the Local Group Policy Editor. Group Policy is not available in Windows 10 Home but login auditing for successful attempts comes enabled by default.
In Windows 10 Pro press the Windows key and R together to open Run. Type gpedit.msc and click OK to open the Local Group Policy Editor. Go to Computer Configuration—Windows Settings—Security Settings—Local Policies—Audit Policy. On the right, double-click the ‘Audit account logon events’. Tick both the Success and Failure options, and click Apply and OK. Windows 10 Pro will now track every login attempt to your computer whether it is a success or not.
Whenever you want to check, on the search bar next to the Start button, type Event Viewer and launch it. Go to Event Viewer—Windows Logs—Security. Look for the event 4624, which represents a successful sign-in event. Double click on it to see the details and scroll down to see the user’s account name. On Windows 10 Pro you can also double-click on the event 4625, which will show you the unsuccessful logins. Event 4634 shows when the user logged off.
At the end of the day, the best way to stop people from poking around your computer is to use a password and a strong one at that. And remember to lock your PC when you leave your desk. Press Control, Alt and the Delete keys together and click on Lock. The other shortcut is Windows key+L.