Are there Log files for RDP connections?

We have a user that is concerned that someone is accessing their computer remotely.  

Is there any place I can find a record of when remote connections are made to a computer, and where those connections are coming from, on a Windows XP system?
apilkington Asked:
 
supermandaddy Commented:
Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

You can set up an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight it, right-click, and select Properties. Configure as
desired. Note, some folks have XP boxes set up to log in without a password. Logging in
without a password counts as a "failure". This results in the security log filling up very fast if
you log failures and have a user without a password. I fell into that trap while testing a new XP
Pro box once. The result is you cannot log in normally. Also note, not having a password is
a potential and probable security risk.

The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".

Also see this page for other Audit Logon information...

http://www.microsoft.com/resources [...] us/518.asp

Lastly, you might look at the Port Reporter tool for additional logging...Specifically the PR-Ports
log file...

http://support.microsoft.com/default.aspx?scid=kb;[LN];837243
0
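
One way to apply the answer above to an exported Security log, as an added example that is not part of the original thread: it keeps only Event 528 records with Logon Type 10 and reports a source address when the record carries one. The record layout, the "User Name" and "Source Network Address" field labels, and every sample value are constructed assumptions.

```python
import re

# Constructed sample records (timestamp, event ID, description), shaped like
# Security-log entries exported from Event Viewer. All values are made up.
SAMPLE_EVENTS = [
    ("2005-03-14 08:02:11", 528,
     "Successful Logon: User Name: jsmith Domain: OFFICE Logon ID: (0x0,0x1D5C4) "
     "Logon Type: 2 Logon Process: User32 Workstation Name: PC-042"),
    ("2005-03-14 22:47:30", 528,
     "Successful Logon: User Name: jsmith Domain: OFFICE Logon ID: (0x0,0x2A9F1) "
     "Logon Type: 10 Logon Process: User32 Workstation Name: PC-042 "
     "Source Network Address: 192.0.2.77 Source Port: 3371"),
    ("2005-03-15 01:13:05", 528,
     "Successful Logon: User Name: jsmith Domain: OFFICE Logon ID: (0x0,0x30B22) "
     "Logon Type: 10 Logon Process: User32 Workstation Name: PC-042"),
    ("2005-03-15 01:40:19", 538,
     "User Logoff: User Name: jsmith Domain: OFFICE Logon ID: (0x0,0x30B22) "
     "Logon Type: 10"),
]


def field(description, name):
    """Return the value that follows 'name:' in a description, or None."""
    match = re.search(re.escape(name) + r":\s*(\S+)", description)
    return match.group(1) if match else None


def remote_interactive_logons(events):
    """Keep Event 528 records with Logon Type 10, the pair the answer names."""
    hits = []
    for when, event_id, description in events:
        if event_id != 528 or field(description, "Logon Type") != "10":
            continue
        hits.append({
            "time": when,
            "user": field(description, "User Name"),
            # Not every record carries an address; None means "not recorded".
            "source": field(description, "Source Network Address"),
        })
    return hits


if __name__ == "__main__":
    for hit in remote_interactive_logons(SAMPLE_EVENTS):
        print(hit["time"], hit["user"], hit["source"] or "(no address in record)")
```

Records that match but show no address still matter: the logon time alone can be compared against when the user was actually at the machine.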
 
apilkington (Author) Commented:
Ok, I know about using the event viewer to view events. We have not previously set up logging for account events, so I will set that up so that I can see what is happening in this case.

The real reason I was posting this question was that I had done some looking on the internet and I was seeing posts about different event IDs that weren't explaining all of the steps I needed to go through to set things up for the auditing of these types of events.

I will set up auditing on the computer in question and let you know if I have any problems.
0
Question has a verified solution.