Skip to main content

Windows 系统开启锁屏日志

· One min read

开启锁屏/解锁日志

  1. 运行(Win + R)输入 gpedit.msc 打开组策略
  2. 依次展开 Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies - Local Group Policy Object > Logon/Logoff
  3. 开启一下配置
    • Audit Logoff
    • Audit Logon
    • Audit Other Logon/Logoff Events

查看日志

  1. 运行(Win + R)输入 eventvwr.msc 打开事件日志
  2. 找到 Windows Logs > Security
  3. 点击右侧的 Filter Current Log
  4. <All Event IDs> 输入项里输入 4800,4801(分别对应: 锁屏日志事件ID 和 解锁日志事件ID),然后点击 OK 进行搜索

也可以创建一个自定义filter, 不用每次都查询一遍