How to increase security on Terminal server 2008

Posted on 2011-05-11
Last Modified: 2012-05-11
How to set up a terminal server with the following functions:
> Log all users that log in
> Log/trace all activity that is going on on the Terminal server and any other remote connection from the Terminal server.
Question by: Seni
    LVL 76

    Expert Comment

    Create a login script that does
    echo "%username% logged in on %date% %time%" >> \\server\share\login.log
    Create a similar logout script

    This is done in a User GPO that applies through loopback to users logging into the terminal server.

    Enable auditing policy. Force all users' access to go through a proxy server.
    Enable the terminal process that one can view their session without a prompt.
    You can also add SNMP/WMI SNMP and set up an SNMPTRAPD server while configuring evntwin to map the event log entries to SNMP traps.
    Use Splunk to aggregate the logs into one location/server.
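For the "log all users that log in" requirement, the Windows event log can supply the same record as the login/logout scripts above without relying on a share that every user must be able to write to. The following is an added example, not code from any poster in this thread: it turns Remote Desktop Services session events into one record per logon, logoff, disconnect or reconnect. The log name and event IDs 21/23/24/25 are standard Windows values that the thread does not mention; the sample events, user name, address and output path are constructed.

```powershell
# Added example: session events from the Remote Desktop Services
# LocalSessionManager operational log, one record per event.
$LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
$Actions = @{ 21 = 'Logon'; 23 = 'Logoff'; 24 = 'Disconnect'; 25 = 'Reconnect' }

function Get-Node([xml]$Doc, [string]$Name) {
    # Match on local name so the event's XML namespaces do not matter.
    $Doc.SelectSingleNode("//*[local-name()='$Name']")
}

function ConvertTo-SessionRecord([string]$EventXml) {
    $doc = [xml]$EventXml
    $id  = [int](Get-Node $doc 'EventID').InnerText
    if (-not $Actions.ContainsKey($id)) { return }   # not a session event
    $addr = Get-Node $doc 'Address'                  # absent on logoff events
    New-Object PSObject -Property @{
        TimeUtc   = (Get-Node $doc 'TimeCreated').GetAttribute('SystemTime')
        Action    = $Actions[$id]
        User      = (Get-Node $doc 'User').InnerText
        SessionId = [int](Get-Node $doc 'SessionID').InnerText
        Source    = $(if ($addr) { $addr.InnerText } else { '' })
    }
}

# Constructed sample events (user and address are made up).
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{0}</EventID><TimeCreated SystemTime="{1}"/></System>
  <UserData><EventXML xmlns="Event_NS">
    <User>EXAMPLE\alice</User><SessionID>2</SessionID>{2}
  </EventXML></UserData>
</Event>
'@
$samples = @(
    ($template -f 21, '2011-05-11T08:15:02Z', '<Address>192.0.2.25</Address>'),
    ($template -f 22, '2011-05-11T08:15:03Z', '<Address>192.0.2.25</Address>'),
    ($template -f 23, '2011-05-11T17:01:44Z', '')
)
$samples | ForEach-Object { ConvertTo-SessionRecord $_ } |
    Select-Object TimeUtc, Action, User, SessionId, Source | Format-Table -AutoSize

# On the terminal server itself (output path is a placeholder):
# Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 21,23,24,25 } |
#     ForEach-Object { ConvertTo-SessionRecord $_.ToXml() } |
#     Export-Csv C:\Logs\rdp-sessions.csv -NoTypeInformation
```

The event with ID 22 in the sample is skipped on purpose, showing that only the four session-state events are kept.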
    LVL 17

    Assisted Solution

    You could also use third-party software such as to automatically record all sessions. There are a few similar products out there.

    Author Comment

    Hi Arnold.

    When you said (Enable auditing policy. Force all users access to go through a proxy server.)
    what exactly does this proxy server integrate with Terminal server?
    LVL 76

    Accepted Solution

    Proxy server configuration for the browser will provide you with a way to see what each user was browsing while on the terminal server. Using a proxy server with NTLM will create entries in the proxy server's log with the username as a reference for each link accessed/transaction.
    Auditing of every object the user uses will provide some of what you are looking for, i.e. you will have a log entry that userA accessed object mstsc. But you will not see what the user did once that command was run.

    You might be looking at some commercial product that records each user's session.

    Restricting what the terminal server can access is a way to limit what the user can do when connected to the terminal server.
    I.e. if there is a specific set of tasks that should be permitted from the terminal server by users, you should exclude all others if the concern is that they are doing something else.


    Author Closing Comment

    Thanks Arnold, I have used what you suggested and it's working for me.
