How can I get the latest shut downs/starts/logins/log-outs in Windows 10?

[Rodion15]

How can I get the latest shut downs/starts/logins/log-outs / unsucessful logins in Windows 10?

I've read a few articles I found but I couldn't find a good answer.

for example: I went to event viewer > security:
I read that the eventID 4624 is a successful sign-in, which seems incorrect, look at this test:
- I shut down my computer at 08:08:30
- I started my computer at 08:10:39 (give or take 5 seconds)
- I signed in at 08:12:10 (entered my password and hit enter)

...yet, at 08:10:39 I can see event 4624 registered, how's this possible if I signed in later at 08:12:10?

 

[terry4536]

Just search windows for event logs. That will bring up the event viewer. And then you can go over the logs to your hearts content.

 

[terry4536]

They are broken down to Custom Views, Windows logs, and Applications & Services logs.

 

[Rodion15]

They are broken down to Custom Views, Windows logs, and Applications & Services logs.

Thanks for your answer. As I said I've already tried that.

 

[Phillip Corcoran]

"...yet, at 08:10:39 I can see event 4624 registered, how's this possible if I signed in later at 08:12:10?"


You don't have to be actually signed in for Windows events to occur and be recorded in the logs. Windows events can occur and be recorded as soon as Windows has loaded to the sign-in screen, because at that point the Windows shell is running.

 

[terry4536]

They are broken down to Custom Views, Windows logs, and Applications & Services logs.

Thanks for your answer. As I said I've already tried that.

You asked about about the log of windows events and services. The event viewer is the place to look (and the only place I know of to look).

 

[Rodion15]

They are broken down to Custom Views, Windows logs, and Applications & Services logs.

Thanks for your answer. As I said I've already tried that.

You asked about about the log of windows events and services. The event viewer is the place to look (and the only place I know of to look).

What I need is the time I choose an account, enter my password and sign in. Even when I look "Friendly View" on the "Details" tab in Event Viewer this is the TargetUserName value I can see several "false" log ins into my account before the real one took place.

 

[Rodion15]

This post explains it all https://www.tenforums.com/general-support/117950-how-can-i-get-latest-shut-downs-starts-logins-log-outs-windows.html#post1462786

 

[terry4536]

This post explains it all https://www.tenforums.com/general-support/117950-how-can-i-get-latest-shut-downs-starts-logins-log-outs-windows.html#post1462786

How can I get the latest shut downs/starts/logins/log-outs / unsucessful logins in Windows 10?

In the above linked "How to Read Logoff and Sign Out Logs in Event Viewer in Windows" using the Filter Current Log menu item, there is an option at the top to specify the logged event time period. I would use that to narrow the events to the " latest shut downs/starts/logins/log-outs in Windows 10" in addition to the specific event code.

Filter Current Log :
https://www.tenforums.com/tutorials/117980-read-logoff-sign-out-logs-event-viewer-windows.html

Event Codes:
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-logonlogoff-events

 

[Rodion15]

Thank you.