Need logon history of RDP clients

Posted on 2007-03-19
Last Modified: 2013-11-21
I've been asked to provide a log-on history, showing when people sign on and off an RDP session.  I know I can see who is logged on at the moment, but don't know of a way to get the usage history?  
Question by:TinaSC
LVL 70

Assisted Solution

KCTS earned 20 total points
ID: 18750879
You need to set up Auditing. Unfortunately Auditing is not retrospective. See

Author Comment

ID: 18750942
Thanks KCTS.  I have looked at auditing & it seems somewhat cumbersome.  I've looked thru some old postings here & saw one by LEEW giving instructions for writing a script that's stored as a .csv.  I've never written a script before, but since I've come along a lot of solutions requiring a script, I guess it's time to learn.  It's too bad there's no way to go back in time.
LVL 51

Assisted Solution

Netman66 earned 20 total points
ID: 18752062
There should be Security logs that can be Filtered to show Logon events.

LVL 48

Assisted Solution

Jay_Jay70 earned 20 total points
ID: 18752159
or even the use of things like eventcomb will help you a little more with filtering
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 190 total points
ID: 18753925
You can enable auditing but it is quite time consuming to filter and extract. Or you could add the lines below to each user's logon script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:

    Log File
    Log On:  UserName1 ComputerName1  Fri 09/30/20   8:00
    Log On:  UserName2 ComputerName2  Fri 09/30/20   8:10
    Log On:  UserName3 ComputerName3  Fri 09/30/20   8:15

    If Exist "\\Server\Logs\LogOns.Log" GoTo START
    Echo Log File > "\\Server\Logs\LogOns.Log"
    :START
    Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"

Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log file.
If you wish to know logoff times as well you will need to add a script in group policy for logoffs if you don't already have one:
User Configuration | Windows settings | Scripts | Logoff
Here, to add to the same log file, add the following to the logoff script:

    If Exist "\\Server\Logs\LogOns.Log" GoTo START
    Echo Log File > "\\Server\Logs\LogOns.Log"
    :START
    Echo Log Off:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
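
An added example, not part of Rob Williams's post: a Python parser that turns the LogOns.Log lines written by the scripts above into per-user sessions. Because every user can write to the file, each line is treated as untrusted and lines that do not parse or do not pair up are reported; the year argument is an assumption, since the sample lines show the year cut to "20", and user and computer names are assumed to contain no spaces.

```python
import re
from datetime import datetime

# Constructed sample in the format the logon/logoff scripts append (not real data).
SAMPLE_LOG = """\
Log File
Log On:  alice TS01  Fri 09/30/20   8:00
Log On:  bob TS01  Fri 09/30/20   8:10
Log Off:  alice TS01  Fri 09/30/20  12:30
Log On:  alice TS01  Fri 09/30/20  13:05
Log Off:  carol TS01  Fri 09/30/20  13:10
this line was edited by hand
"""

# Assumes names without spaces and a "Ddd MM/DD/YY.." date cut to 12 characters.
LINE_RE = re.compile(r"^Log (On|Off):\s+(\S+)\s+(\S+)\s+\w{3} (\d{2})/(\d{2})/\d{2}"
                     r"\s+(\d{1,2}):(\d{2})\s*$")

def parse_line(line, year):
    """Return (action, user, host, timestamp), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    action, user, host, mm, dd, hh, mi = m.groups()
    try:
        ts = datetime(year, int(mm), int(dd), int(hh), int(mi))
    except ValueError:              # e.g. month 13 or hour 25
        return None
    return action, user.lower(), host.upper(), ts

def build_sessions(text, year):
    """Pair each Log On with the next Log Off for the same user and computer."""
    open_at, sessions, anomalies = {}, [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() in ("", "Log File"):
            continue
        rec = parse_line(line, year)
        if rec is None:
            anomalies.append((n, "unparseable"))
            continue
        action, user, host, ts = rec
        key = (user, host)
        if action == "On":
            if key in open_at:      # earlier session never logged off
                sessions.append((user, host, open_at[key], None))
                anomalies.append((n, "logon while session open"))
            open_at[key] = ts
        elif key in open_at:
            sessions.append((user, host, open_at.pop(key), ts))
        else:
            anomalies.append((n, "logoff without logon"))
    sessions += [(u, h, start, None) for (u, h), start in open_at.items()]
    return sessions, anomalies
```

A session whose end is None has no matching logoff line; the anomaly list gives the line numbers worth checking against the server's own Security log.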

Author Comment

ID: 18756219
Thanks Rob... I almost get this.  In each user profile, I see the usrlogin.bat file (or something like that).  Is that where you mean I should add the above & if so, how do I find it to edit it for a specific user?  I did a search & only found 2 usrlogin.bat files??  Or do I put it in the logon/off script in the group policy??  Sorry, but I don't think I'm completely interpreting this correctly... new stuff for me...

Also, I saw a posting with this script -

    IFMEMBER "%username%"=="domain\UserMonGroup"
    IF ERRORLEVEL 1 echo LOGON %username% %computername% %date% %time% >> \\server\share\logon.log

(My apologies to the author, but I can't remember where I saw this).
If I read that correctly, it goes in the grp policy?
LVL 77

Accepted Solution

Rob Williams earned 190 total points
ID: 18757063
>>” usrlogin.bat file (or something like that).  Is that where you mean I should add the above”
Yes that is correct.
There doesn't necessarily need to be one logon script for each user. If the users have similar parameters set, they can all use the same one. The logon script is usually located in the NETLOGON share of the domain controller. Specifically:
If not there, or not sure which script is applied, it is applied in one of 2 ways, so you can check there to see the “pointer”:
1) In Active Directory, under the user’s profile, on the profile tab, in the logon script box
2) In group policy under User configuration | Windows settings | Scripts | Logon
If you have numerous group policies you may need to run gpresult from the command line of the client's machine while logged on as them to see what policies are applied.

The other script you reference is part of a script that uses the IfMember utility in the Windows Resource kit to determine if the user is a member of a group (nothing to do with group policy). Often people will write a script that says something like map this drive if the user is a member of this account.

Let us know if you need more help with the script. Glad to “fill in the blanks” for you.
LVL 77

Expert Comment

by:Rob Williams
ID: 18781562
Thanks again TinaSC.


Question has a verified solution.
