Link to home
Start Free TrialLog in
Avatar of techwonder
techwonder

asked on

Terminal Server Log Files

Does anyone know where access to Windows 2000 Terminal Server is logged? There must be a file that logs who and when logged in. Thanks
Avatar of night_monkey
night_monkey
Flag of United States of America image
To audit access to files, you must perform two tasks:
1.) Enable the Audit Policy called "Audit Object Access".
2.) Enable auditing on the individual files and folders you wish to audit.

Both of these procedures are outlined below.

--------------------------------------------------------------------------------

To enable the "Audit Object Access" policy, do the following:
(Note: this procedure shows how to setup Auditing using "Local Security Policy". If your computer is a member of a domain, you can perform the same tasks using Group Policy. Be aware that Group Policy settings will override Local Policy Settings).

1.) Click on "Start" -> "Programs" -> "Administrative Tools" -> "Local Security Policy".
2.) Navigate to "Audit Policy" in the left pane.
3.) In the left pane of "Local Security Settings" window, double click on the "Audit Object Access" entry.
4.) Click on the "Success" and "Failure" checkboxes to enable auditing for files.
5.) Click on the OK Button.


--------------------------------------------------------------------------------

To enable auditing of an individual file or folder, do the following:

1.) Right click on the file in Explorer, and choose "Properties", as shown in the figure.
2.) Click on the Security tab, and then click on the "Advanced" button as shown in the figure. If you don't have a Security tab, your are probably not using NTFS. If so, it is strongly recommended that you upgrade to NTFS (using the convert /FS:NTFS command) so that you can use file permissions.
3.) Click on the "Auditing" tab, and then click on the "Add" button, as shown in the figure.
4.) Double click on the "Everyone" group.
5.) Click on the actions you wish to Audit, and then click on "OK".


 




Avatar of techwonder
techwonder

ASKER

Thanks for the reply. Actually I meant logging based on session only. I don't want to audit access of individual files, just see who used terminal services.  When somebody opens a terminal service session, that must be logged somewhere. I just can't find the logfile.
ASKER CERTIFIED SOLUTION
Avatar of night_monkey
night_monkey
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of techwonder
techwonder

ASKER

Well, that probably explains why I can't find any logfile. Thanks for the link.
Avatar of night_monkey
night_monkey
Flag of United States of America image
Anytime.