Remote Desktop Logs

Hi,

You can only do this by creating auditing events in policies.. I don't see any other way to do this.. Look at this link to get the polciy to be enabled...

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html#Loggingz

I was curios as to who was logging on to what machine, when, and from what IP so I added the following to the users logon script:

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo ------------------------------------------------------ >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

You need to create the folder \\Server\Logs  (substituting your ServerName for "Server) and give all users write privileges. Then it will maintain a log with a typical entry similar to:
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}

Hi Robwill,

Never thought of this one, looks pretty neet.. But are the rules aded to the file?? I always assumed the file would be overwritten.

RobWill,

That looks like an excellent idea.

I am am a programmer rather than a system admin.
Our server doesnt run in AD, its an internet facing box in a datacentre.

Could I ask how I would implement that please?

(I have increased the points as I am asking for extra info)