Track Past Remote Desktop usage?

Posted on 2010-01-11
Medium Priority
Last Modified: 2013-11-21
I need to figure out when an individual connected and for how long they connected via RD to an XP machine. Is there some way to easily see this looking back in time as auditing isn't enabled now?

Question by:willp2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 66

Expert Comment

ID: 26289647
If security logging is enabled, you can look in the event logs>security log, for a logon type code 10 (on the target PC, that you are remoting INTO), but you really cant easily see the times, unless you also look for the logout logged shortly after the login.....
LVL 82

Expert Comment

ID: 26289698
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26293018
Well if you never enabled auditing and/or used a script to do this, there is no way to 'go back' to what happened let's say months ago.
From now on you have a couple options:
1. If all you want is logon/logoff time the easiest is to add something to the logon script or Run key that will run a batch file that sends the username/date/time to a text file with the username.
Something like:
If this runs at logon/logoff you will have all this info in a text file you can open with Notepad/Excel and look for the information you want.
2. If you want to actually see what the user did, load RecordTS (free for XP) on the box. It will save a video of the session that you can playback using Windows Media Player.

Cláudio Rodrigues
Citrix CTP
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.


Author Comment

ID: 26294239
OK, so no way to easily track what has happened already through logs, which is what I thought, but wanted to see if I was missing something. Now I need to see if there is anything I can do to reconstruct the data somehow. Any thoughts on digging into the machine to look for signs of use, like modification times on files and that sort of thing?
LVL 17

Expert Comment

ID: 26294309
LVL 66

Accepted Solution

johnb6767 earned 2000 total points
ID: 26300620
Can do a search in the registry for MRU, under his profile. Will need to load the hive of course......
Search the Filesystem for Modified Dates etc.....

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question