Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How to increase security on Terminal server 2008

Posted on 2011-05-11
Medium Priority
Last Modified: 2012-05-11
How to setup a terminal server with the following function,
> Log all users that login
> Log/Trace all activity that going on on Terminal server and any other remote connection from terminal server.
Question by:Seni
  • 2
  • 2
LVL 81

Expert Comment

ID: 35751044
Create a login script that does
echo "%username% logged in on %date% %time%" >> \\server\share\login.log
Create a similar logout script

This is done in a User GPO that applies through loopback to users loging into the terminal server.

Enable auditing policy.  Force all users access to go through a proxy server.
Enable the terminal process that one can view their session without a prompt.
You can also add SNMP/WMI SNMP and setup an SNMPTRAPD server while configuring evntwin to map the event log entries to SNMP traps......
use splunk to aggregate the logs into one location/server.
LVL 17

Assisted Solution

aoakeley earned 150 total points
ID: 35751188
You could also use third party software such as http://www.softactivity.com/tsm.aspx to automatically record all sessions. There are a few similar products put there.

Author Comment

ID: 35801568
Hi Arnod.

when u said (Enable auditing policy.  Force all users access to go through a proxy server.)
what exactly does this proxy server integrate with Terminal server?
LVL 81

Accepted Solution

arnold earned 1350 total points
ID: 35801802
Proxy server configuration for the browser will provide you for a way to see what each users was browsing while on the terminal server.  Using proxy server with NTLM, will create entries on the proxy server's log with username as a reference for each link accessed/transaction.
Auditing of every object the user uses will provide some of what you are looking for i.e. you will have a log entry that userA accessed object mstsc. But you will not see what the user did once that command was run.

You might be looking at some commercial product that records each users' session.

Restricting what the terminal server can access is a way to limit what the user can do when connected to the terminal server.
I.e. if there is a specific set of tasks that should be permitted from the terminal server by users, you should exclude all other if the concern that they are doing something else.


Author Closing Comment

ID: 36485018
Thanks Arnold, I have use what you suggest and its working for me

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question