?
Solved

Terminal Server Log Files

Posted on 2003-03-05
5
Medium Priority
?
299 Views
Last Modified: 2010-04-13
Does anyone know where access to Windows 2000 Terminal Server is logged? There must be a file that logs who and when logged in. Thanks
0
Comment
Question by:techwonder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 6

Expert Comment

by:night_monkey
ID: 8077622
To audit access to files, you must perform two tasks:
1.) Enable the Audit Policy called "Audit Object Access".
2.) Enable auditing on the individual files and folders you wish to audit.

Both of these procedures are outlined below.

--------------------------------------------------------------------------------

To enable the "Audit Object Access" policy, do the following:
(Note: this procedure shows how to setup Auditing using "Local Security Policy". If your computer is a member of a domain, you can perform the same tasks using Group Policy. Be aware that Group Policy settings will override Local Policy Settings).

1.) Click on "Start" -> "Programs" -> "Administrative Tools" -> "Local Security Policy".
2.) Navigate to "Audit Policy" in the left pane.
3.) In the left pane of "Local Security Settings" window, double click on the "Audit Object Access" entry.
4.) Click on the "Success" and "Failure" checkboxes to enable auditing for files.
5.) Click on the OK Button.


--------------------------------------------------------------------------------

To enable auditing of an individual file or folder, do the following:

1.) Right click on the file in Explorer, and choose "Properties", as shown in the figure.
2.) Click on the Security tab, and then click on the "Advanced" button as shown in the figure. If you don't have a Security tab, your are probably not using NTFS. If so, it is strongly recommended that you upgrade to NTFS (using the convert /FS:NTFS command) so that you can use file permissions.
3.) Click on the "Auditing" tab, and then click on the "Add" button, as shown in the figure.
4.) Double click on the "Everyone" group.
5.) Click on the actions you wish to Audit, and then click on "OK".


 




0
 

Author Comment

by:techwonder
ID: 8081985
Thanks for the reply. Actually I meant logging based on session only. I don't want to audit access of individual files, just see who used terminal services.  When somebody opens a terminal service session, that must be logged somewhere. I just can't find the logfile.
0
 
LVL 6

Accepted Solution

by:
night_monkey earned 300 total points
ID: 8082711
well, maybe i'm mistaken, but in my experieince you can only view current sessions in terminal server (terminal services manager). to view past sessions would require a microsoft or a third party tool.

check this out. it might be what you're looking for.

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/winsta-o.asp
0
 

Author Comment

by:techwonder
ID: 8090546
Well, that probably explains why I can't find any logfile. Thanks for the link.
0
 
LVL 6

Expert Comment

by:night_monkey
ID: 8090559
Anytime.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question