How do I track logons and logouts on a termanal server?

Posted on 2006-05-30
Last Modified: 2013-11-21
I have a terminal server and I need to track who and when people are logging in.  
Question by:mpage
    LVL 77

    Accepted Solution

    You can enable security logging, but I found I wanted a simple log, that would also tell me the IP from which the user logged in. I added a couple of lines to the Terminal Servers Users' logon script, that created a custom log  file.  It would give you UserName, ComputerName, date and time in a simple single line, and the IP from which they connected below. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:

    Log File
    Log On:  UserName ComputerName  Fri 09/30/20   8:07  
      TCP        ESTABLISHED
    {Where is the computer IP and is the remote user's IP, local or remote}

    Add lines below. Note: \\Server\Logs needs to be created as a shared folder on the server with all users having write privileges:
    If Exist "\\Server\Logs\LogOns.Log" GoTo START
    Echo Log File > "\\Server\Logs\LogOns.Log"
    Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
    Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

    Author Comment

    Where do I enable security logging, the script looks great I do not have time to setup it now but if I can turn on security logging and check it that can help.

    LVL 77

    Expert Comment

    by:Rob Williams
    Administrative Tools | Local (or Domain Security) Policy | Security Settings | Local Policies | Audit Policy

    Here you can add the items you wish to audit,. The will be displayed in the Event Viewer security log. The down side of this it requires some digging or filtering.
    LVL 13

    Expert Comment

    Use this script for searching you Servers security log for users who have done RDP logon.

    The output file will be c:\RDPCON.txt

    See if this solves your problem.
    filenm = "c:\RDPCON.txt"
    Set fso = CreateObject("Scripting.FileSystemObject")

    Set tf = fso.CreateTextFile(filenm, True)
    tf.WriteLine("Logfile started at: " & Date() & " " & Time())

    strComputer = "."

    Set objWMIService = GetObject("winmgmts:" _
        & "{(Security)}\\" & strComputer & "\root\cimv2")

    Set colLoggedEvents = objWMIService.ExecQuery _
        ("Select * From Win32_NTLogEvent Where Type <> 'Error'")

    For Each objEvent in colLoggedEvents
    if objEvent.EventCode=682 then
    if Instr(Ucase(ObjEvent.Message),Ucase(SearchStr)) > 0 then
          tf.WriteLine("Message: " & objEvent.Message & "Source Name: " & objEvent.SourceName & "Time Written: " &

    end if
    end if
    LVL 77

    Expert Comment

    by:Rob Williams
    Thanks mpage,

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Shouldn't all users have the same email signature?

    You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

    Let’s list some of the technologies that enable smooth teleworking. 
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now