Remote Desktop Logs

Does RDP log IP access?

Where are they if so?
How do I activate loggin if its off by default?
Who is Participating?
Rob WilliamsCommented:
"I always assumed the file would be overwritten."
using '>' overwrites the file or creates a new one and '>>' adds it too an existing file
Notice the only '>' used is in the 'if' statement section which creates the file if it does not already esist.

To implement:
-You need to create the folder \\Server\Logs  (substituting your ServerName for "Server) on your domain controller, and give all users write privileges. It does not have to be in that location, that is just an example. It actually is best you don't give users access to the C: drive, better to use a common, or new share.
-Then just add the above script somewhere in the users logon script where you likely have drives mapped. There is nothing else to change as they are all variables. The script will use the current user's name and computer name.

You can only do this by creating auditing events in policies.. I don't see any other way to do this.. Look at this link to get the polciy to be enabled...
Rob WilliamsCommented:
I was curios as to who was logging on to what machine, when, and from what IP so I added the following to the users logon script:

If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
Echo. >> "\\Server\Logs\LogOns.Log"
Echo ------------------------------------------------------ >> "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

You need to create the folder \\Server\Logs  (substituting your ServerName for "Server) and give all users write privileges. Then it will maintain a log with a typical entry similar to:
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
{Where is the computer IP and is the remote user's IP}
Hi Robwill,

Never thought of this one, looks pretty neet.. But are the rules aded to the file?? I always assumed the file would be overwritten.
andy_boothAuthor Commented:

That looks like an excellent idea.

I am am a programmer rather than a system admin.
Our server doesnt run in AD, its an internet facing box in a datacentre.

Could I ask how I would implement that please?

(I have increased the points as I am asking for extra info)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.