Solved

How to log/monitor RDP sessions on Win 2003 terminal server

Posted on 2011-02-23
4
749 Views
Last Modified: 2013-11-21
How can i see who connected to my server through remote desktop connection on my Win 2003 terminal server? Is there a log file for that?
0
Comment
Question by:Pazderka
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
yelbaglf earned 500 total points
Comment Utility
Here's a good KB about auditing.
http://support.microsoft.com/kb/300549

You can check the security log in Event Viewer for this.


Here's a good overview of ObserveIT.
http://www.petri.co.il/record-and-audit-terminal-citrix-and-rdp-session-%E2%80%93-observeit-product-overview.htm
0
 
LVL 3

Expert Comment

by:Wyoung2100
Comment Utility
for active connections its under administrative tools and terminal server manament console. as long as you have administrative rights you can see who is on and remotely view thier sessions with or without there knowlege (configured in their AD object). You must do this remotely to get control but has been a valuable tool for me as I find many abusers this way
0
 
LVL 4

Expert Comment

by:Llacy80
Comment Utility
You can also quickly view this by right clicking on the task bar and going to Task Manager --> and then users. It will give you a quick overview of who is logged on.
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 500 total points
Comment Utility
You could also use something like quser.

You can use this command to find out if a specific user is logged on to a specific terminal server. Query user returns the following information:

The name of the user
The name of the session on the terminal server
The session ID
The state of the session (active or disconnected)
The idle time (the number of minutes since the last keystroke or mouse movement at the session)
The date and time the user logged on

http://technet.microsoft.com/en-us/library/cc788125(WS.10).aspx

This can also be put into vbscript if needed.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Know what services you can and cannot, should and should not combine on your server.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now