How does one track VPN and Remote Desktop Users

We have a Windows 2003 Server on a server with a number of different virtual machines. I've had some recent concerns about when some of our users have been VPNing into the network and which machines have been Remote Desktopped into. Can someone explain exactly which logs would contain the user name, date and time of VPN access and Remote Desktop use? Thanks.
tklingman Asked:

ericnils Commented:
The security log in Event Viewer records all authentication events with a user name and time stamp. If you are using AD authentication you already have this logging centralized on the domain controller(s).
0

ShattyP Commented:
Are you using Windows IAS to handle authentication? If so, open IAS and select 'Remote Access Logging.' Tell it where you want it to store the logs and the name format for the log. Such as E:\Logs. Tell it to create a new log file every day and select the boxes that tell it to log Accounting and Authentication requests. These logs will give you the time, the username and the IP address of users connecting to your network.
0
ploftin Commented:
What type of VPN are you referring to? If it's a Microsoft routing and remote access setup, look in C:\Windows\Tracing for the RRAS logs.

As for Remote Desktop logging, look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10. The event log can be viewed by going to "Start -> Run -> eventvwr.exe".

You need to set up an Audit Policy using the Group Policy editor to log logon success and failures. Go to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policies -> Audit logon events". Highlight and right-click and select properties. Configure as desired.
0
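An added example, not part of the original thread or any poster's answer: once logon auditing is on, the Event 528 / Logon Type 10 records mentioned above can be reduced to a per-user Remote Desktop session list. It goes one step beyond the thread by pairing each logon with the Windows Server 2003 logoff event (538) through the shared Logon ID; the `(timestamp, event id, description)` record layout and all sample values are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample records (not real log data): (timestamp, event id, description).
# The description text uses the "Label: value" layout of Windows Server 2003
# Security events; the tuple layout itself is an assumption of this example.
SAMPLE = [
    ("2009-03-02 08:14:05", 528, "Successful Logon:\n\tUser Name:\tjdoe\n\tDomain:\tCORP\n"
     "\tLogon ID:\t(0x0,0x3E7A1)\n\tLogon Type:\t10\n\tSource Network Address:\t10.0.0.5\n"),
    ("2009-03-02 08:15:40", 528, "Successful Logon:\n\tUser Name:\tsvc_backup\n\tDomain:\tCORP\n"
     "\tLogon ID:\t(0x0,0x3E900)\n\tLogon Type:\t5\n"),
    ("2009-03-02 09:02:11", 538, "User Logoff:\n\tUser Name:\tjdoe\n\tDomain:\tCORP\n"
     "\tLogon ID:\t(0x0,0x3E7A1)\n\tLogon Type:\t10\n"),
    ("2009-03-02 22:47:30", 528, "Successful Logon:\n\tUser Name:\tasmith\n\tDomain:\tCORP\n"
     "\tLogon ID:\t(0x0,0x4A112)\n\tLogon Type:\t10\n\tSource Network Address:\t192.168.50.9\n"),
]

FIELD = re.compile(r"^[ \t]*([^:\n]+):[ \t]*(.*)$", re.MULTILINE)

def fields(description):
    """Turn the 'Label: value' lines of an event description into a dict."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(description)}

def rdp_sessions(records):
    """Return RDP sessions: a 528 with Logon Type 10, closed by a 538 with the same Logon ID."""
    sessions, open_by_id = [], {}
    for stamp, event_id, description in records:
        f = fields(description)
        if f.get("Logon Type") != "10":
            continue  # type 10 = RemoteInteractive (Terminal Services / Remote Desktop)
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if event_id == 528:
            s = {"user": f["Domain"] + "\\" + f["User Name"], "logon": when,
                 "logoff": None, "source": f.get("Source Network Address", "unknown")}
            sessions.append(s)
            open_by_id[f["Logon ID"]] = s
        elif event_id == 538 and f.get("Logon ID") in open_by_id:
            open_by_id.pop(f["Logon ID"])["logoff"] = when
    return sessions

if __name__ == "__main__":
    for s in rdp_sessions(SAMPLE):
        print(s["user"], s["logon"], s["logoff"] or "no logoff logged", s["source"])
```

A session with no matching logoff is reported with `logoff` left empty rather than dropped, since a missing 538 does not mean the logon did not happen.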