西秀岭

导航

监听Windows Logon Logoff, 屏幕锁定

1. 使用  gpedit.msc  打开组策略。

   配置审核其它登录/注销事件  :成功和失败

   配置审核注销:成功和失败

   配置审核登录:成功和失败

 

 

配置完成后,就可以在事件监视器中看到登录注销的事件了,包括屏幕锁定,解锁。

eventvwr.msc

 

 

 

Event IDDescription
4624 Logon (Whenever an account is successfully logged on)
4647 Logoff (When an account is successfully logged off)
4634 Logon session end time
4800 System was locked
4801 System was unlocked

 

posted on 2021-12-21 09:46  西秀岭  阅读(315)  评论(0编辑  收藏  举报