WestonGroup
asked on
How to tell if a user has remotely logged onto a server
How can you tell if someone is remotely accessing a server?
Is that logged in the event log, security logs and if so what event id would it be and how would it be listed.
I see a bunch of logs some annomyous, some administrator....some I dont' know what they do...would this be the place.
We are checking to see if one of our it admins are remotely accessing a specific server...and would like to know if that gets logged if someone rdps into a server
Thanks
Is that logged in the event log, security logs and if so what event id would it be and how would it be listed.
I see a bunch of logs some annomyous, some administrator....some I dont' know what they do...would this be the place.
We are checking to see if one of our it admins are remotely accessing a specific server...and would like to know if that gets logged if someone rdps into a server
Thanks
Check the eventlog (Start -> Run -> eventvwr), click on Security and watch out for event ids 528 and 538.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
RobWill, your solution probably does not list the remote logins that have been happend in the past, or does it?
Do you know of any other way to access this information when the logging you mentioned hasn't been enabled, let's say, I'm suspecting someone doing something nasty and want to look if he logged in in the last week?
Do you know of any other way to access this information when the logging you mentioned hasn't been enabled, let's say, I'm suspecting someone doing something nasty and want to look if he logged in in the last week?
I don't know of a way to check past activities if systems have not been put in place beforehand.
WestonGroup, was this information helpful for you?