Remote Desktop Connection

Posted on 2006-05-24
Last Modified: 2010-04-11
How can I see which computers are using Remote Desktop to connect to my server?
I know how to see current ones, but how can I see any previous connections.. if possible?

Question by:MJoshua
    LVL 38

    Expert Comment

    by:Rich Rumble
    You'll probably need to turn up the event logging, by default windows doesn't log much. Go to Start> Run.. and type
    Secpol.msc (press enter, or click ok)
    In the local policy>audit folder you'll find the auditing of sucess's and failures. You'll want at least to log the sucess of account logon's and "audit logon event" sucess.
    Sucessful logons events are 552's logoffs are 572's (as well as others... M$ is so dumb, almost all events have a duplicate or overlapping event that could mean the same thing)
    Event ID 680 is an unsucessful attempt
    528  might also be a sucessful log on;en-us;140714&sd=tech
    551 in xp and 2003 mean someone kicked their own session off, or a sudden rebot could of
    LVL 5

    Expert Comment

    This link has a nice tutorial showing applying the audit settings, and the events appearing in the event log on a win XP machine.

    There are some other RDP hints and tips on that page which may also be of use / interest to you.


    LVL 9

    Expert Comment

    Terminal services manager... in administrative tools from hte server.

    Hope this helps,

    LVL 17

    Expert Comment

    Start --> Run --> cmd

    net session
    net file

    BR Dushan
    LVL 4

    Expert Comment

    if you just want the pc names, you can probably just look in the terminal server licensing, see what machines got issued a license in the past...

    but your best bet is the event log as stated above, it will usually give you the remote pc name, user name, and remote ip address.

    LVL 38

    Accepted Solution

    Bah M$, you'll hardly ever get an IP address from an event log... M$ is soo dumb... In IIS, yes you can see IP's, in the standard eventlogs, no, just the netbios name if any.
    If you want real logging, get a firewall like ZoneAlarm, it can log denials as well as allows.
    LVL 13

    Expert Comment

    You can make a logon script which will append the username into a file.

    something like:
    echo off
    echo %username% %date% >> \\servername\sharename\tslog.txt


    Enable security audits.

    Administrative Tools | Local (or Domain Security) Policy | Security Settings | Local Policies | Audit Policy

    Run this script on your Terminal Server.

    It will read your security logs and store the result in c:\RDPCON.txt

    filenm = "c:\RDPCON.txt"
    Set fso = CreateObject("Scripting.FileSystemObject")

    Set tf = fso.CreateTextFile(filenm, True)
    tf.WriteLine("Logfile started at: " & Date() & " " & Time())

    strComputer = "."

    Set objWMIService = GetObject("winmgmts:" _
        & "{(Security)}\\" & strComputer & "\root\cimv2")

    Set colLoggedEvents = objWMIService.ExecQuery _
        ("Select * From Win32_NTLogEvent Where Type <> 'Error'")

    For Each objEvent in colLoggedEvents
    if objEvent.EventCode=682 then
    if Instr(Ucase(ObjEvent.Message),Ucase(SearchStr)) > 0 then
          tf.WriteLine("Message: " & objEvent.Message & "Source Name: " & objEvent.SourceName & "Time Written: " & ObjEvent.TimeWritten)
    end if
    end if
    LVL 2

    Expert Comment


    Use the Terminal Services Manager under Admin Tools on the server. It's the easiest method of seeing who is in your server via Remote Desktop. You can also log off users, etc. from this handy tool.
    LVL 13

    Assisted Solution

    He wants to know who all have used it.

    You can see only connected or disconnected state in Terminal Services Manager. But it will not show you the list for users you have logged off after using it.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now