Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Need logon history of RDP clients

Posted on 2007-03-19
Medium Priority
Last Modified: 2013-11-21
I've been asked to provide a log-on history, showing when people sign on and off an RDP session.  I know I can see who is logged on at the moment, but don't know of a way to get the usage history?  
Question by:TinaSC
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 70

Assisted Solution

KCTS earned 80 total points
ID: 18750879
You need to set up Auditing. Unfortunately Auditing is not restrospective. See

Author Comment

ID: 18750942
Thanks KCTS.  I have looked at auditing & it seems somewhat cumbersome.  I've looked thru some old postings here & saw one by LEEW giving instructions for writing a script that's stored as a .csv.  I've never written a script before, but since I've come along a lot of solutions requiring a script, I guess it's time to learn.  It's too bad there's no way to go back in time.
LVL 51

Assisted Solution

Netman66 earned 80 total points
ID: 18752062
There should be Security logs that can be Filtered to show Logon events.

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

LVL 48

Assisted Solution

Jay_Jay70 earned 80 total points
ID: 18752159
or even the use of things like eventcomb will help you a little more with filtering
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 760 total points
ID: 18753925
You can enable auditing but it is quite time consuming to filter and extract. Or you could add the lines below to each users logon script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line  As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName1 ComputerName1  Fri 09/30/20   8:00  
Log On:  UserName2 ComputerName2  Fri 09/30/20   8:10
Log On:  UserName3 ComputerName3  Fri 09/30/20   8:15
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Note the users will need to have read/write and execute permissions for the \\Server\Logs\LogOns.Log  file.
If you wish to know logoff times as well you will need to add a script in group policy for logoffs if you don't already have one:
User Configuration | Windows settings | Scripts | Logoff
Her to add to the same log file, add the following to the logoff script:
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
Echo Log Off:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"

Author Comment

ID: 18756219
Thanks Rob... I almost get this.  In each user profile, I see the usrlogin.bat file (or something like that).  Is that where you mean I should add the above & if so, how do I find it to edit it for a specific user?  I did a search & only found 2 usrlogin.bat files??  Or do I put it in the logon/off script in the group policy??  Sorry, but I don't think I'm completely interpreting this correctly... new stuff for me...

Also, I saw a posting with this script -
IFMEMBER "%username%"=="domain\UserMonGroup"
IF ERRORLEVEL 1 echo LOGON %username% %computername% %date% %time% >> \\server\share\logon.log  (My apologies to the author, but I can't remember where I saw this).  
If I read that correctly, it goes in the grp policy?
LVL 77

Accepted Solution

Rob Williams earned 760 total points
ID: 18757063
>>” usrlogin.bat file (or something like that).  Is that where you mean I should add the above”
Yes that is correct.
There doesn't necessarily need to be one logon script for each user. If the users have similar parameters set, they can all use the same one. The logon script is usually located in the NETLOGON share of the domain controller. Specifically:
If not there, or not sure which script is applied, it is applied in one of 2 ways, so you can check there to see the “pointer;
1)In active directory, under the user’s profile, on the profile tab, in the logon script box
2)In group policy under User configuration | Windows settings | Scripts | Logon
If you have numerous group policies you may need to run  gpresult from the command line of the clients machine wile logged on as them to see what policies are applied.

The other script you reference is part of a script that uses the IfMember utility in the Windows Resource kit to determine if the user is a member of a group (nothing to do with group policy). Often people will write a script that say something like map this drive if the user is a member of this account.

Let us know if you need more help with the script. Glad to “fill in the blanks” for you.
LVL 77

Expert Comment

by:Rob Williams
ID: 18781562
Thanks again TinaSC.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question