Remote Desktop Logs

Posted on 2006-05-13
Last Modified: 2012-06-21
Does RDP log IP access?

Where are they if so?
How do I activate logging if it's off by default?
Question by:andy_booth
    LVL 23

    Expert Comment


    You can only do this by creating auditing events in policies. I don't see any other way to do this. Look at this link to get the policy to be enabled...
    LVL 77

    Expert Comment

    by:Rob Williams
    I was curious as to who was logging on to what machine, when, and from what IP, so I added the following to the users' logon script:

    REM Create the log file with a header only if it does not exist yet
    If Exist "\\Server\Logs\LogOns.Log" GoTo START
    Echo Log File > "\\Server\Logs\LogOns.Log"
    :START
    REM Append a separator, the logon details and the established port 3389 connections
    Echo. >> "\\Server\Logs\LogOns.Log"
    Echo ------------------------------------------------------ >> "\\Server\Logs\LogOns.Log"
    Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
    netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

    You need to create the folder \\Server\Logs (substituting your ServerName for "Server") and give all users write privileges. Then it will maintain a log with a typical entry similar to:
    Log On:  UserName ComputerName  Fri 09/30/20   8:07  
      TCP        ESTABLISHED
    {Where is the computer IP and is the remote user's IP}
    LVL 23

    Expert Comment

    Hi Robwill,

    Never thought of this one, looks pretty neat. But are the rules added to the file? I always assumed the file would be overwritten.
    LVL 1

    Author Comment


    That looks like an excellent idea.

    I am a programmer rather than a system admin.
    Our server doesn't run in AD, it's an internet-facing box in a datacentre.

    Could I ask how I would implement that please?

    (I have increased the points as I am asking for extra info)
    LVL 77

    Accepted Solution

    "I always assumed the file would be overwritten."
    Using '>' overwrites the file or creates a new one, and '>>' adds it to an existing file.
    Notice the only '>' used is in the 'if' statement section, which creates the file if it does not already exist.

    To implement:
    -You need to create the folder \\Server\Logs (substituting your ServerName for "Server") on your domain controller, and give all users write privileges. It does not have to be in that location, that is just an example. It actually is best you don't give users access to the C: drive; better to use a common or new share.
    -Then just add the above script somewhere in the users' logon script where you likely have drives mapped. There is nothing else to change as they are all variables. The script will use the current user's name and computer name.
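
An added example (not part of the thread): a Python reader for the LogOns.Log file the script above produces. It keeps only connections whose local port is exactly 3389, because `find "3389"` also matches outbound RDP connections and ports such as 33890, and it flags entries where netstat listed zero or several peers, since the log alone cannot tie one of those addresses to the user. The sample log, names and addresses are constructed, and user names are assumed to contain no spaces.

```python
import re

# Constructed sample of LogOns.Log (made-up names, documentation-range IPs).
SAMPLE_LOG = """\
Log File

------------------------------------------------------
Log On:  alice TS01  Fri 09/30/20   8:07
  TCP    192.0.2.10:3389        198.51.100.23:51234    ESTABLISHED

------------------------------------------------------
Log On:  bob TS01  Fri 09/30/20   8:15
  TCP    192.0.2.10:3389        198.51.100.23:51234    ESTABLISHED
  TCP    192.0.2.10:3389        203.0.113.77:49822     ESTABLISHED
  TCP    192.0.2.10:49901       192.0.2.50:3389        ESTABLISHED
  TCP    192.0.2.10:33890       192.0.2.60:50100       ESTABLISHED
"""

LOGON = re.compile(r"^Log On:\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")
CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s*$", re.I)

def parse_logons(text, rdp_port=3389):
    """Return one dict per 'Log On:' entry with the inbound RDP peer IPs."""
    entries = []
    for line in text.splitlines():
        m = LOGON.match(line)
        if m:
            entries.append({"user": m.group(1), "computer": m.group(2),
                            "when": m.group(3), "remote_ips": []})
            continue
        c = CONN.match(line)
        # Inbound RDP only: the LOCAL port must be exactly the RDP port.
        if c and entries and int(c.group(2)) == rdp_port:
            ip = c.group(3)
            if ip not in entries[-1]["remote_ips"]:
                entries[-1]["remote_ips"].append(ip)
    return entries

def needs_review(entries):
    """Entries where the source IP is unknown (0 peers) or ambiguous (>1)."""
    return [e for e in entries if len(e["remote_ips"]) != 1]

if __name__ == "__main__":
    for e in parse_logons(SAMPLE_LOG):
        print(e["when"], e["user"], e["computer"], e["remote_ips"])
```
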
