Solved

How to log/monitor RDP sessions on Win 2003 terminal server

Posted on 2011-02-23
4
750 Views
Last Modified: 2013-11-21
How can i see who connected to my server through remote desktop connection on my Win 2003 terminal server? Is there a log file for that?
0
Comment
Question by:Pazderka
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
yelbaglf earned 500 total points
ID: 34966189
Here's a good KB about auditing.
http://support.microsoft.com/kb/300549

You can check the security log in Event Viewer for this.


Here's a good overview of ObserveIT.
http://www.petri.co.il/record-and-audit-terminal-citrix-and-rdp-session-%E2%80%93-observeit-product-overview.htm
0
 
LVL 3

Expert Comment

by:Wyoung2100
ID: 34974090
for active connections its under administrative tools and terminal server manament console. as long as you have administrative rights you can see who is on and remotely view thier sessions with or without there knowlege (configured in their AD object). You must do this remotely to get control but has been a valuable tool for me as I find many abusers this way
0
 
LVL 4

Expert Comment

by:Llacy80
ID: 34974112
You can also quickly view this by right clicking on the task bar and going to Task Manager --> and then users. It will give you a quick overview of who is logged on.
0
 
LVL 11

Assisted Solution

by:yelbaglf
yelbaglf earned 500 total points
ID: 34976162
You could also use something like quser.

You can use this command to find out if a specific user is logged on to a specific terminal server. Query user returns the following information:

The name of the user
The name of the session on the terminal server
The session ID
The state of the session (active or disconnected)
The idle time (the number of minutes since the last keystroke or mouse movement at the session)
The date and time the user logged on

http://technet.microsoft.com/en-us/library/cc788125(WS.10).aspx

This can also be put into vbscript if needed.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The environment that this is running in is SCCM 2007 R2 running on a Windows 2008 R2 server. The PXE Distribution point is running on its own Windows 2008 R2 box. This is what Event viewer showed after trying to start the WDS service:  An erro…
The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now