log remote desktop connections

markpalinux used Ask the Experts™
We use Remote Desktop for administration on all of our servers, is there a good way to log items when IT staff connect to remote desktop?

We would like to log:
logon time, logon name, client ip address.

It could go to a local file or security log.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018
That's already been done: look into the security event log, filter for event id 528.
These events will be successful logons.
If the "Logon Type" field in the description is 10, it's a remote connection.
Check here for details about the logon types:
Top Expert 2009

Be sure you enable Audit system event on Local security Policy so your server can log this event.
Administrative Tools --> Local Sec Policy --> Local Policy --> Audit Policy --> Audit systems event --> check both success and failure.


Now  to find an easy vbs script to pull all 528 events with a logon type of 10.
I wonder what a RDC with /console would show?


Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial