<div>
Check the eventlog (Start -&gt; Run -&gt; eventvwr), click on Security and watch out for event ids 528 and 538.
</div>


Check the eventlog (Start -> Run -> eventvwr), click on Security and watch out for event ids 528 and 538.

<div>
RobWill, your solution probably does not list the remote logins that have been happend in the past, or does it?<br />
Do you know of any other way to access this information when the logging you mentioned hasn't been enabled, let's say, I'm suspecting someone doing something nasty and want to look if he logged in in the last week?
</div>


RobWill, your solution probably does not list the remote logins that have been happend in the past, or does it?
Do you know of any other way to access this information when the logging you mentioned hasn't been enabled, let's say, I'm suspecting someone doing something nasty and want to look if he logged in in the last week?

<div>
I don't know of a way to check past activities if systems have not been put in place beforehand.
</div>


I don't know of a way to check past activities if systems have not been put in place beforehand.

<div>
WestonGroup, was this information helpful for you?
</div>


WestonGroup, was this information helpful for you?

<div>
<div class="content wysiwyg-content">
How can you tell if someone is remotely accessing a server?<br />
<br />
Is that logged in the event log, security logs and if so what event id would it be and how would it be listed.<br />
<br />
I see a bunch of logs some annomyous, some administrator....some I dont' know what they do...would this be the place.<br />
<br />
We are checking to see if one of our it admins are remotely accessing a specific server...and would like to know if that gets logged if someone rdps into a server<br />
<br />
Thanks
</div>
</div>


How can you tell if someone is remotely accessing a server?

Is that logged in the event log, security logs and if so what event id would it be and how would it be listed.

I see a bunch of logs some annomyous, some administrator....some I dont' know what they do...would this be the place.

We are checking to see if one of our it admins are remotely accessing a specific server...and would like to know if that gets logged if someone rdps into a server

Thanks

How to tell if a user has remotely logged onto a server

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.