Table of contents

When it comes to networking in Windows 10, joining a workgroup is widely assumed to be a really convenient option. Technically speaking, a workgroup is a peer-to-peer network that allows to share files, printers, network storage, etc. Workgroups are effectively organized groups of computers that are easy to use and administer, so there is no wonder they are so popular in public places these days.

Obviously, as there are multiple users involved in a workgroup, it needs proper administration to prevent its participants from abusing the opportunities it offers. For instance, making changes to an account set up in Workgroup mode can bring about security issues and put the whole group in harm’s way.

Since you are navigating this article, we are inclined to believe you are the one in charge of your workgroup. If the “Can I track user activity using audit policy?” question is your concern, then you are lucky to have found you way here: we have prepared a detailed guide on ways to track user activities in a workgroup on Windows 10. We hope our tips will help you increase the security of your network.

How to Track User Activity using Audit Policy

Here is a simple yet effective method to keep a close eye on what is going on in your workgroup:

  1. Open the Run app by simultaneously pressing the Windows logo key and the R key.
  2. Type secpol.msc into the Run area and hit the Enter button.
  3. The Local Security Policy window will open up.
  4. In the left pane, double-click Security Settings.
  5. Then expand the Local Policies section.
  6. Open Audit Policy.
  7. In the right-pane menu, there are multiple Audit entries set to No editing.
  8. Open the first entry.
  • In the Local Security Setting tab, check Success and Failure under Audit these attempts. Click Apply and OK.
  • Repeat the step above for all the entries present.

Now you can track user activity in Workgroup mode on Windows 10.

How to Trace User Activity via Event Viewer

Event Viewer is a handy tool that allows you to locate trespassers as well as viewing event logs. Here is how you can use Event Viewer’s functionality to your advantage:

  1. Use the Windows logo + R keyboard shortcut.
  2. Tap in eventvwr in the dialog box. Press Enter.
  3. Event Viewer will launch. Navigate to the left pane.
  4. Expand Windows Logs.
  5. Then expand Security.
  6. Here you can see a list of security events.
  7. Click any event on the list to see its info.
  8. Navigate to Event ID and make a note of its number. It will help you understand what exactly happened.

Here is a list of Event IDs in Workgroup mode explained:

  • 4720: “A User account was created.”
  • 4722: “A User account was enabled.”
  • 4724: “An attempt was made to reset an account’s password.”
  • 4725: “A User account was disabled.”
  • 4726: “A User account was deleted.”
  • 4728: “A member was added to a Security-enabled global group.”
  • 4731: “A Security-enabled local group was created.”
  • 4732: “A member was added to a Security-enabled local group.”
  • 4733: “A member was removed from a Security-enabled local group.”
  • 4734: “A Security-enabled local group was deleted.”
  • 4735: “A Security-enabled local group was changed.”
  • 4738: “A User account was changed.”
  • 4781: “The name of an account was changed.”

Hopefully, this information will prove helpful

Note: Bear in mind it is essential that all the computers in your workgroup be properly protected from malware. The thing is, if one of the machines on the network is infected, all the other PCs are at risk. For example, the infection can easily be transmitted via shared files.

What we are driving at is that you should make sure malware entities give your network a wide berth. Although Windows 10 is equipped with a built-in security suite, that is, Windows Defender, this might not be enough to achieve the above objective. In light of this situation, a third-party solution might come in very handy. When choosing one, remember that you need a reliable piece of software that is capable of hunting down any item from the world of malware. That said, it is important that you opt for a tool that would not abuse its powers and interfere with the normal function of your computer. Fortunately, we have a ready-made solution for you: Auslogics Anti-Malware is a powerful and yet intuitive and affordable malware hunter that will give you the peace of mind you deserve. The tool will scan every nook and cranny of your system to catch and remove all the threats lurking around.

Are there any other ways to track user activities in a workgroup?

Please share your methods in the comments section below!