avatech
asked on
RDP Sessions Source IP
Is there a way to audit incoming IP addresses to RDP services on Windows Server 2000 and Windows Server 2003 application servers? I have enabled policy that logs each successful RDP connection and account used to logon but the event does not give the source IP or computer name from where the connection originated.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
This capability isn't built in - one approach would be to run a login script at the server that logs the client IP address to a file. I haven't found a mechanism yet to get that information from the command line, I will report back if I find it though.
ASKER
Sounds like a great workable solution from the both of you. I've been battling Google trying to phrase correctly how to do this. I keep getting thousands of pages that want to tell me about RDP services and how to check my home IP to get to it. rather frustrating. I'm not a scripter so anything you can turn up that would be able to create such a file log would be perfect.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Perfect answers. I am going to use the following it seems to work well so far as a logon script and completed a single line for each logon with a date/time stamp
echo %clientname% %date% %time% >> c:\rdplog.txt
Thanks for your input hope that this will help someone else down the line and save them from some frustrations =)
echo %clientname% %date% %time% >> c:\rdplog.txt
Thanks for your input hope that this will help someone else down the line and save them from some frustrations =)
Note that IPConfig is going to record the IP information for the terminal server and not the client ip.