Solved

Are there Log files for RDP connections?

Posted on 2011-03-09
2
283 Views
Last Modified: 2013-11-05
We have a user that is concerned that someone is accessing their computer remotely.  

Is there any place I can find a record of when remote connection are made to a computer and where those connections are coming from on  windows XP system?
0
Comment
Question by:apilkington
2 Comments
 
LVL 3

Accepted Solution

by:
supermandaddy earned 250 total points
ID: 35089250
Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
desired. Note, some folks have XP boxes setup to login without a password. Logging in
without a password counts as a "failure". This results in the security log filling up very fast if
you log failures and have a user without a password. I fell into that trap while testing a new XP
Pro box once. The result is you can not login normally. Also note, not having a password is
a potential and probable security risk.

The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".

Also see this page for other Audit Logon information...

http://www.microsoft.com/resources [...] us/518.asp

Lastly, you might look at the Port Reporter tool for additional logging...Specifically the PR-Ports
log file...

http://support.microsoft.com/default.aspx?scid=kb;[LN];837243
0
 

Author Comment

by:apilkington
ID: 35096800
Ok, I know about using the event viewer to view events.  We have not previously setup to log account events so I will set that up so that I can see what is happening in this case.  

The real reason I was posting was is question was that I had done some looking on the internet and I was seeing posts about different event ID's that weren't explaining all of the steps I needed to go through to set things up for the auditing of these type of events.

I will setup auditing on the computer in question and let you know if I any problems.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now