• Status: Solved

Are there Log files for RDP connections?

We have a user that is concerned that someone is accessing their computer remotely.  

Is there any place I can find a record of when remote connections are made to a computer and where those connections are coming from on a Windows XP system?
Asked by: apilkington

supermandaddy Commented:
Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

You can set up an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
desired. Note, some folks have XP boxes set up to login without a password. Logging in
without a password counts as a "failure". This results in the security log filling up very fast if
you log failures and have a user without a password. I fell into that trap while testing a new XP
Pro box once. The result is you cannot login normally. Also note, not having a password is
a potential and probable security risk.

The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".

Also see this page for other Audit Logon information...

http://www.microsoft.com/resources [...] us/518.asp

Lastly, you might look at the Port Reporter tool for additional logging...Specifically the PR-Ports
log file...

http://support.microsoft.com/default.aspx?scid=kb;[LN];837243
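
An added example, not part of supermandaddy's answer: a short Python script that filters a Security log dump for the Event 528 / Logon Type 10 records mentioned above and lists who logged on, when, and from where. The dump layout, the field names (including "Source Network Address") and the sample records are constructed assumptions; adapt the parser to whatever your export actually contains.

```python
import re

# Constructed sample: one "Field: value" per line, blank line between records.
# The field names are assumptions, not a guaranteed export format.
SAMPLE = """\
Event ID: 528
Time: 2005-03-14 08:02:11
User Name: jsmith
Logon Type: 2

Event ID: 528
Time: 2005-03-14 22:47:53
User Name: jsmith
Logon Type: 10
Source Network Address: 203.0.113.45

Event ID: 538
Time: 2005-03-14 23:10:02
User Name: jsmith
Logon Type: 10

Event ID: 528
Time: 2005-03-15 01:15:30
User Name: Administrator
Logon Type: 10
"""

def parse_records(dump):
    """Split the dump on blank lines and turn each record into a dict."""
    records = []
    for block in re.split(r"\n\s*\n", dump.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def remote_logons(records):
    """Successful logons (528) with Logon Type 10; source is None if absent."""
    return [(r.get("Time"), r.get("User Name"), r.get("Source Network Address"))
            for r in records
            if r.get("Event ID") == "528" and r.get("Logon Type") == "10"]

if __name__ == "__main__":
    for when, user, source in remote_logons(parse_records(SAMPLE)):
        print(f"{when}  {user:<15} from {source or 'unknown (not in record)'}")
```

Logons at times the user was not at the machine, or from an address they do not recognise, are the records to follow up on.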
 
apilkington (Author) Commented:
Ok, I know about using the event viewer to view events. We have not previously set up logging of account events, so I will set that up so that I can see what is happening in this case.

The real reason I was posting this question was that I had done some looking on the internet and I was seeing posts about different event IDs that weren't explaining all of the steps I needed to go through to set things up for the auditing of these types of events.

I will set up auditing on the computer in question and let you know if I have any problems.