  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2207
  • Last Modified:

RDP connections - trace

Is there a way to trace RDP/Remote Desktop connections to a terminal server (Win 2003)?

I have a customer that insists on using direct Remote Desktop connections to their terminal server for their remote clients instead of creating VPN connections through their SBS ISA 2004 server.  The VPN connections can be tracked but I have not found a way to track the coming and going of the RDP clients.

Note: Direct RDP connections seem less secure to me than creating a VPN first - Comments?

Also, one reason this customer prefers direct Remote Desktop connections is that they say it is more reliable - their VPN connections drop out from time to time.  Comments?
Asked by: wwITman

Neil Russell (Technical Development Lead) commented:
If by "Direct RDP connections" you mean just starting an RDP client and connecting over the internet then no. The whole point of IP traffic is that it finds its own way there. Each packet of 5 "Could" in theory take a different route.
And of course RDP over VPN would be more secure but RDP is not exactly insecure anyway. Anything over VPN is more secure.

wwITman (Author) commented:
What I mean by "trace" is track or log the Remote Desktop connections to the terminal server.  At any given time I can see who is connected but have no way to track the connections for today, yesterday, last week, etc.
With the VPN connections, there are ISA log files.

jPDave commented:
Hi,
Open up the management console and click 'logging' under the monitoring node.
Edit the filter and add something like 'Protocol Equal RDP' and set Log Time to 'Last 30 Days'.
Of course, you can add more filters, like action 'equal initiated connection', for a better overview.
Start the query and have fun. :)

Regards Dave
Keith Alabaster commented:
Absolutely, of course you can - Dave has it right. You can then copy the results to the clipboard and then into an Excel spreadsheet or similar for either publishing or reporting against.

Keith - ISA Forefront MVP

wwITman (Author) commented:
>open up the management console and click 'logging' under monitoring node...

Sorry, but what "management console" are you talking of?

Keith Alabaster commented:
The ISA GUI

wwITman (Author) commented:
OK, thanks for pointing me in the right direction.  I am not real familiar with ISA and its monitoring capabilities.
This does show me all of the RDP traffic but the only unique piece of information is the "Client IP".  Better than nothing but sure would be nice to get a username - that is why I prefer VPN connections.

One related question to ISA 2004 logging.  What is the preferred log storage format - MSDE (current), File, or SQL database?

Keith Alabaster commented:
MSDE is the preferred purely because it is self-contained. SQL is useful if you really want to get detailed reports (written by you) and start interacting with the data in other ways. MSDE is by far the most common.

Keith Alabaster commented:
Sorry I did not manage to assist you at all :(.
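
The filter jPDave describes, applied offline to results copied out of the log viewer as Keith suggests: this is an added example, not part of the original thread, that groups RDP "Initiated Connection" entries by day and Client IP so the comings and goings can be reviewed per day. The tab-separated layout, the timestamp format and the sample rows are assumptions constructed for illustration; only the column names come from the thread.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of a log-viewer export (assumed: tab-separated, header row).
# Column names follow the thread; the timestamp layout is an assumption.
SAMPLE_EXPORT = (
    "Log Time\tClient IP\tProtocol\tAction\n"
    "2008-03-13 08:02:11\t203.0.113.10\tRDP\tInitiated Connection\n"
    "2008-03-13 17:45:30\t203.0.113.10\tRDP\tInitiated Connection\n"
    "2008-03-13 17:46:02\t203.0.113.10\tRDP\tClosed Connection\n"
    "2008-03-13 09:15:00\t198.51.100.7\tHTTP\tInitiated Connection\n"
    "2008-03-14 07:58:49\t198.51.100.7\tRDP\tInitiated Connection\n"
    "not-a-time\t198.51.100.7\tRDP\tInitiated Connection\n"
)
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumption: adjust to the server's locale


def summarize_rdp(export_text, time_format=TIME_FORMAT):
    """Return ({(day, client_ip): (count, first, last)}, rows_skipped)."""
    sessions = defaultdict(list)
    skipped = 0
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t")
    for row in reader:
        if (row.get("Protocol") or "").strip().upper() != "RDP":
            continue  # same effect as the 'Protocol Equal RDP' filter
        if (row.get("Action") or "").strip().lower() != "initiated connection":
            continue  # count connection starts only, not closes
        try:
            when = datetime.strptime(row["Log Time"].strip(), time_format)
        except (KeyError, ValueError, AttributeError):
            skipped += 1  # keep a tally so damaged rows are not silently lost
            continue
        ip = (row.get("Client IP") or "").strip()
        sessions[(when.date().isoformat(), ip)].append(when)
    summary = {
        key: (len(t), min(t).time().isoformat(), max(t).time().isoformat())
        for key, t in sessions.items()
    }
    return summary, skipped


if __name__ == "__main__":
    summary, skipped = summarize_rdp(SAMPLE_EXPORT)
    for (day, ip), (count, first, last) in sorted(summary.items()):
        print(f"{day}  {ip:<15}  connections={count}  first={first}  last={last}")
    print(f"rows skipped (unparseable time): {skipped}")
```

As noted in the thread, the Client IP is the only per-client identifier in these entries, so the summary is keyed on it rather than on a username.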