log remote desktop connections

markpalinux
markpalinux used Ask the Experts™
on
We use Remote Desktop for administration on all of our servers, is there a good way to log items when IT staff connect to remote desktop?

We would like to log:
logon time, logon name, client ip address.

It could go to a local file or security log.

Thanks,
Mark
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
That's already been done: look into the security event log, filter for event id 528.
These events will be successful logons.
If the "Logon Type" field in the description is 10, it's a remote connection.
Check here for details about the logon types:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.0&EvtID=528&EvtSrc=Security&LCID=1033
Top Expert 2009

Commented:
Be sure you enable Audit system event on Local security Policy so your server can log this event.
Administrative Tools --> Local Sec Policy --> Local Policy --> Audit Policy --> Audit systems event --> check both success and failure.

K

Now  to find an easy vbs script to pull all 528 events with a logon type of 10.
I wonder what a RDC with /console would show?

Thanks,
Mark

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial