Skip to content

Check Computer Started without Admin Provileges

September 12th, 2017 - ITTutorial(1 min)

TL;DR: open the Event viewer, select the Windows Logs > System and Filter Current Log to the desired interval. Or you can scroll to the earliest entry of the day you need (more irritating because the event window doesn’t refresh when scrolling).

The other day I needed to find out when an user logged in on a computer. Unfortunately, this info is only available with admin privileges, which the user did not have. So, knowing the user was the one that started the computer on the day, the next best thing is to see when the computer was started on that day.

To obtain the information, I performed the following steps:

  1. Open the Event Viewer and select the Windows Logs entry:

    Event viewer

  2. Select the System logs:

    Event viewer

  3. This will show all system logs for the computer and normally don’t require elevated privileges.

    Event viewer

  4. On the right hand side select Filter Current Log

    Event viewer

  5. Change the Logged interval from Any time:

    Event viewer

  6. To a Custom range…:

    Event viewer

  7. Select the Events on for both From and To to restrict the time interval to the desired period (e.g. a certain day):

    Event viewer

  8. Scroll down the list of events to get to the first one:

    Event viewer

This will be the moment when the computer was started.

An alternative is to just scroll to the earliest event on a certain date, but the window doesn’t refresh when scrolling and I found it more difficult to pinpoint the event.

HTH;

Share on
Reddit
Linked in
Whatsapp

A little experiment: