Solved

Are there Log files for RDP connections?

Posted on 2011-03-09
2
284 Views
Last Modified: 2013-11-05
We have a user that is concerned that someone is accessing their computer remotely.  

Is there any place I can find a record of when remote connection are made to a computer and where those connections are coming from on  windows XP system?
0
Comment
Question by:apilkington
2 Comments
 
LVL 3

Accepted Solution

by:
supermandaddy earned 250 total points
ID: 35089250
Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
desired. Note, some folks have XP boxes setup to login without a password. Logging in
without a password counts as a "failure". This results in the security log filling up very fast if
you log failures and have a user without a password. I fell into that trap while testing a new XP
Pro box once. The result is you can not login normally. Also note, not having a password is
a potential and probable security risk.

The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".

Also see this page for other Audit Logon information...

http://www.microsoft.com/resources [...] us/518.asp

Lastly, you might look at the Port Reporter tool for additional logging...Specifically the PR-Ports
log file...

http://support.microsoft.com/default.aspx?scid=kb;[LN];837243
0
 

Author Comment

by:apilkington
ID: 35096800
Ok, I know about using the event viewer to view events.  We have not previously setup to log account events so I will set that up so that I can see what is happening in this case.  

The real reason I was posting was is question was that I had done some looking on the internet and I was seeing posts about different event ID's that weren't explaining all of the steps I needed to go through to set things up for the auditing of these type of events.

I will setup auditing on the computer in question and let you know if I any problems.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now