asked on

How do I track logons and logouts on a termanal server?

I have a terminal server and I need to track who and when people are logging in.

ASKER CERTIFIED SOLUTION

Rob Williams

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mike Page

ASKER

Where do I enable security logging, the script looks great I do not have time to setup it now but if I can turn on security logging and check it that can help.

Rob Williams

Administrative Tools | Local (or Domain Security) Policy | Security Settings | Local Policies | Audit Policy

Here you can add the items you wish to audit,. The will be displayed in the Event Viewer security log. The down side of this it requires some digging or filtering.

prashsax

Use this script for searching you Servers security log for users who have done RDP logon.

The output file will be c:\RDPCON.txt

See if this solves your problem.
--------------------------------------------------------------------------------------------------------
SearchStr="RDP"
filenm = "c:\RDPCON.txt"
Set fso = CreateObject("Scripting.FileSystemObject")

Set tf = fso.CreateTextFile(filenm, True)
tf.WriteLine("Logfile started at: " & Date() & " " & Time())

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _
& "{(Security)}\\" & strComputer & "\root\cimv2")

Set colLoggedEvents = objWMIService.ExecQuery _
("Select * From Win32_NTLogEvent Where Type <> 'Error'")

For Each objEvent in colLoggedEvents
if objEvent.EventCode=682 then
if Instr(Ucase(ObjEvent.Message),Ucase(SearchStr)) > 0 then
tf.WriteLine("Message: " & objEvent.Message & "Source Name: " & objEvent.SourceName & "Time Written: " &

ObjEvent.TimeWritten)
end if
end if
Next
-------------------------------------------------------------------------------------------------------------

Rob Williams

Thanks mpage,
--Rob