How to View User Actions on a Windows PC

Read more about the information on user activities saved by Windows and how to view it, and about checking a user’s online activity. As many people know, and we also wrote about it in our blog, online privacy is a very relative thing. While using the Internet, every user leaves their trace in search engines that remember search queries and browsing history, watch history on YouTube, and sometimes even user geodata. In this respect, using social media has similar effects. By default, Internet browsers have their functions for saving browsing history, logins and passwords, as well as autofill data turned on.

In today’s article, you’ll see what information about user activity Windows can save, and how to view this data.


Browsing History

If you want to know if anyone used the computer and the Internet while you were away, the first and the easiest way to check it is to view browsing history.

There is a special article on this topic.

Search Engines

To find a website, a webpage, a video or any other information on the Internet you need two things: an Internet browser and a search engine. Both tools can store browsing history, watch history (talking of YouTube), search history and search queries, and some tools can also save comments and posts in various online communities.

That is why the next way to view a user’s online activity is to check their activities in online accounts of various search engines.

Find a detailed article about it here.


Recycle Bin

Now let’s move from online activities to what users can do in Windows. We recommend checking the Recycle Bin as the first step. All the files deleted from this computer end up there.

To see if any files were deleted from the computer while you were away, open the Recycle Bin and select “Details” view option.

After that, sort the files by date of deleting, by clicking on the “Date deleted” heading. As a result, you can see files deleted recently.

File Modification Date

In Windows, you can sort files in every folder by the date when they were modified. Even if you don’t know where to look for files that could be modified without your knowing it, or while you were away, Windows has a good option for you.

Start the Run tool by right-clicking on the Start menu or pressing the shortcut Win + R.

In the field “Run,” enter the command recent and click OK.

A folder containing recently modified files will open, with the files being sorted chronologically, beginning with the latest changed files.

Downloads

By default, all browsers save files from the Internet into the system folder “Downloads.” Go to this folder, and sort the files by download date, so you can see the latest files downloaded to this computer. There might be some stuff which you did not download, but someone else did…

If the browser default folder for downloads has been changed, you should check it too.

Sorting Programs by Date Modified

All programs on the computer are started with executable files having the “.exe” extension. To learn the date and time when a program was started:

  • Open the folder “This computer” and enter “.exe” in the search field. As a result, the search window will show you all files with this extension type on this computer.

  • Right-click on the heading of any column, and select “Details”

  • The window to choose columns will open. Find the line “Date modified”, check the box next to it and click OK.

  • A new column called “Date modified” will appear in the search results window.

Now you can see the date when this or another program was started on this computer. If you don’t understand what program is hiding behind a particular .exe file, you can check it in Location column, or even start the program right from the search results window.

Windows Logs

In Windows logs, the operating system records and saves all events, registers errors, information messages and warnings from applications, as well as the information on user activity and work of the operating system.

To go to Windows Logs, open Control Panel / Administrative Tools / Computer Management.

In Computer Management, go to System Tools / Event Viewer / Windows Logs.

Logs are arranged by category. For example, application logs can be found in Application category, and system logs – in System category. If the computer has security events monitoring enabled, for example monitoring for logging in, then events are registered in the Security category.

Certainly, the information shown in Windows Logs are meant for system administrators, and ordinary users will have difficulty understanding it. Nevertheless, if you look at it more attentively, in the Application log you can see events generated by applications arranged in a sort of chronological order.

There is also some data on the date and time of logging in and off the operating system. In other words, it means the time when the computer was turned on or off. You can find this information in Security and System logs.

Task Scheduler and Attaching Tasks to Events

Using Windows Logs, you can attach executing a task to a certain event in the log. For example, you can set up the computer to send a message to your email address every time your account logs on in Windows.

For example, I have an event in the Security log at logon. Its code is 4624. To attach a task to an event, right-click on the event and select “Attach task to this event.”

Then follow the steps in the Basic Task Wizard, and in the line “Action” select “Send an e-mail.”

Enter the addresses where to send the message, the theme and text, and then the SMTP server for your mail service.

Similarly, you can create a task attached to an event by using Task Scheduler. To do it, go to Task Scheduler and select “Create Basic Task…”

Set up the task by using the same Basic Task Wizard.

The picture shows how to set up the computer to send a message to your email address every time your account logs on in Windows, but in a similar way, you can set up the computer to perform other tasks attached to any event in the system log.

Author: , Technical Writer

Vladimir Artiukh is a technical writer for Hetman Software, as well as the voice and face of their English-speaking YouTube channel, Hetman Software: Data Recovery for Windows. He handles tutorials, how-tos, and detailed reviews on how the company’s tools work with all kinds of data storage devices.

Editor: , Technical Writer

Oleg Afonin is an expert in mobile forensics, data recovery and computer systems. He often attends large data security conferences, and writes several blogs for such resources as xaker.ru, Elcomsoft and Habr. In addition to his online activities, Oleg’s articles are also published in professional magazines. Also, Oleg Afonin is the co-author of a well-known book, Mobile Forensics - Advanced Investigative Strategies.

  • Updated:
  • Evaluations:
  • 19
  • /
  • :

Share

Questions and answers

Why would someone need to view user actions on a Windows PC?

Someone may need to view user actions on a Windows PC for a variety of reasons. For example, to troubleshoot technical issues, to monitor employee productivity, to audit security compliance, or to investigate suspicious activity.

What types of user actions can be viewed on a Windows PC?

  1. Logon/Logoff
  2. File/Folder Access
  3. Process Execution
  4. Registry Access
  5. Network Access
  6. System Services Access
  7. Windows Event Logs
  8. User Account Management
  9. Security Policy Changes
  10. Application Installation/Uninstallation

Can user actions be viewed without the use of third-party software?

Yes, user actions can be viewed without the use of third-party software. Depending on the type of user action, there are various ways to view them. For example, if you want to view user logins, you can check the system logs or audit trails. If you want to view user activities on a website, you can use web analytics tools. Additionally, if you want to view user interactions with an application, you can use application performance monitoring tools.

What is the name of the software recommended in the article for viewing user actions?

The software recommended in the article for viewing user actions is FullStory.

What is the process for downloading and installing the software recommended in the article?

  1. Visit the website of the software recommended in the article.
  2. Download the software onto your computer.
  3. Follow the on-screen instructions to install the software.
  4. Once the installation is complete, you can begin using the software.

Comments (13) #

  • Social Buddy 23.12.2019 04:10 #

    Fascinating. Definitely bookmarking this page. Really valuable info, thanks for posting.

  • Jim Hood 11.04.2018 22:05 #

    Are there any legal implications to monitoring user actions on a Windows PC without the user's consent?

    • Hetman Software 11.04.2018 22:30 #

      Yes, there are legal implications to monitoring user actions on a Windows PC without the user's consent. Depending on the jurisdiction, this could be considered an invasion of privacy or a violation of civil rights. In the United States, monitoring user actions on a Windows PC without the user's consent could be considered a violation of the Computer Fraud and Abuse Act. Additionally, it could also be considered a violation of the Stored Communications Act or other applicable state laws.

  • Mason Atkinson 11.04.2018 18:09 #

    What steps can be taken to protect user privacy while using software to monitor user actions on a Windows PC?

    • Hetman Software 11.04.2018 18:40 #

      1. Use a dedicated user account for monitoring: Create a separate user account on the Windows PC that is used solely for monitoring purposes. This will ensure that the user's personal data is not being tracked and that the monitoring software is only accessing the data it needs to do its job.
      2. Implement a privacy policy: Establish a clear privacy policy that outlines what data is being collected, how it is being used, and how it is being protected. This will help ensure that users understand what information is being tracked and how it is being used.
      3. Enable encryption: Encrypt all data collected by the monitoring software to protect it from unauthorized access. This will ensure that only authorized personnel can access the data and that it remains secure.
      4. Disable unnecessary features: Disable any unnecessary features of the monitoring software that could potentially compromise user privacy. This includes features such as keylogging, screenshot capture, and web browsing history tracking.
      5. Monitor access logs: Monitor access logs to ensure that only authorized personnel are accessing the data collected by the monitoring software. This will help ensure that user privacy is being respected and that any unauthorized access is detected and dealt with quickly.
  • Rowland Brambell 11.04.2018 16:12 #

    What are some potential ethical concerns related to using software to monitor user actions on a Windows PC?

    • Hetman Software 11.04.2018 16:42 #

      1. Invasion of privacy: Software that monitors user actions on a Windows PC can be used to track a user’s activity, including what websites they visit, what files they open, and even their keystrokes. This can be a violation of the user’s privacy and could lead to legal issues.
      2. Unauthorized access: Software that monitors user actions on a Windows PC can be used to gain unauthorized access to a user’s system, allowing someone to access sensitive information or take control of the system without the user’s knowledge or permission.
      3. Misuse of data: Software that monitors user actions on a Windows PC can be used to collect data about the user and their activities, which could then be used for malicious purposes such as identity theft or targeted advertising.
      4. Security risks: Software that monitors user actions on a Windows PC can introduce security risks to the system, as malicious actors could use the software to gain access to the system or manipulate the data being collected.
  • Stanley Yerburgh 11.04.2018 13:19 #

    Can the software recommended in the article be used to monitor multiple users on a single Windows PC?

    • Hetman Software 11.04.2018 13:40 #

      Yes, the software recommended in the article can be used to monitor multiple users on a single Windows PC. The software is designed to monitor user activity, including keystrokes, websites visited, applications used, and other activities. It can also be used to restrict access to certain websites or applications.

  • Harold Michell 11.04.2018 09:20 #

    What types of data can be collected through the use of the software?

    • Hetman Software 11.04.2018 09:39 #

      Data that can be collected through the use of software includes customer information, sales data, website analytics, user behavior, financial information, and more. Additionally, software can be used to collect data from external sources such as social media and third-party APIs.

  • Hetman Software: Data Recovery 19.07.2018 11:57 #

    Read about how to view user actions on a Windows PC and recommend it to friends. If you do have any questions, don't hesitate to contact our technical support service - we will be happy to help you.

Post comment

Recommended For You