Remote Desktop Logs

Does RDP log IP access?

Where are they if so?
How do I activate logging if it's off by default?
andy_booth
Asked:
 
rhandels Commented:
Hi,

You can only do this by creating auditing events in policies. I don't see any other way to do this. Look at this link to get the policy to be enabled:

http://theillustratednetwork.mvps.org/RemoteDesktop/RemoteDesktopSetupandTroubleshooting.html#Loggingz
 
Rob Williams Commented:
I was curious as to who was logging on to what machine, when, and from what IP, so I added the following to the users' logon script:

:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo. >> "\\Server\Logs\LogOns.Log"
Echo ------------------------------------------------------ >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

You need to create the folder \\Server\Logs (substituting your ServerName for "Server") and give all users write privileges. Then it will maintain a log with a typical entry similar to:
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}
 
rhandels Commented:
Hi Robwill,

Never thought of this one, looks pretty neat. But are the rules added to the file? I always assumed the file would be overwritten.
 
andy_booth (Author) Commented:
RobWill,

That looks like an excellent idea.

I am a programmer rather than a system admin.
Our server doesn't run in AD, it's an internet facing box in a datacentre.

Could I ask how I would implement that please?

(I have increased the points as I am asking for extra info)
 
Rob Williams Commented:
"I always assumed the file would be overwritten."
Using '>' overwrites the file or creates a new one, and '>>' adds to an existing file.
Notice the only '>' used is in the 'if' statement section, which creates the file if it does not already exist.

To implement:
-You need to create the folder \\Server\Logs (substituting your ServerName for "Server") on your domain controller, and give all users write privileges. It does not have to be in that location, that is just an example. It actually is best you don't give users access to the C: drive, better to use a common, or new share.
-Then just add the above script somewhere in the user's logon script where you likely have drives mapped. There is nothing else to change as they are all variables. The script will use the current user's name and computer name.
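
Added example, not part of the original thread: a Python parser for the LogOns.Log format that the logon script above writes. It keeps only connections whose local port is exactly 3389, because find "3389" is a substring match, and it names a source IP for a user only when that IP is the single client listed, because netstat output is machine-wide. The function names and the sample users and addresses are constructed for illustration, and usernames are assumed to contain no spaces.

```python
import re

# Constructed sample of \\Server\Logs\LogOns.Log in the format the logon script writes.
SAMPLE_LOG = """Log File

------------------------------------------------------
Log On:  alice TS01  Fri 09/30/20   8:07
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED

------------------------------------------------------
Log On:  bob TS01  Fri 09/30/20   9:15
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
  TCP    10.0.1.100:3389        192.0.2.44:51022        ESTABLISHED
  TCP    10.0.1.100:1045        10.0.9.9:3389           ESTABLISHED
  TCP    10.0.1.100:33890       10.0.7.7:2100           ESTABLISHED
"""

HEADER = re.compile(r"^Log On:\s+(\S+)\s+(\S+)\s+(.*?)\s*$")
CONN = re.compile(
    r"^\s*TCP\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+)\s+ESTABLISHED", re.I)

def parse_logons(text):
    """Return one dict per 'Log On:' entry with the inbound RDP client IPs logged under it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = " ".join(m[3].split())  # collapse the padding around date and time
            entries.append({"user": m[1], "computer": m[2], "when": when, "clients": []})
            continue
        c = CONN.match(line)
        # Keep rows whose LOCAL port is exactly 3389; the substring filter also
        # logs outbound RDP (remote port 3389) and unrelated ports such as 33890.
        if c and entries and c["lport"] == "3389":
            if c["raddr"] not in entries[-1]["clients"]:
                entries[-1]["clients"].append(c["raddr"])
    return entries

def attributable(entry):
    """Source IP for this logon, or None when several clients were connected at once."""
    return entry["clients"][0] if len(entry["clients"]) == 1 else None

if __name__ == "__main__":
    for e in parse_logons(SAMPLE_LOG):
        print(e["when"], e["user"], e["computer"], e["clients"], "->", attributable(e))
```

On a machine with several concurrent RDP sessions, entries that return None need to be correlated with another source before an address is tied to a user.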