Solved

Real time monitoring user activity and login/out W server 2008R2 HV

Posted on 2011-09-13
Last Modified: 2012-05-12
I want to try to accomplish two things.  I would like to simply see a log of which users log in/out of a W2008 server.  I know I can look at the server logs, but that is a bit much to weed through with all the other login/out entries.  Separately, I would like to be able to shadow a user's session.  I've used VNC, but that is visible to the user.  I have workers who log into a remote server with Remote Desktop, and it is hard to ascertain how much of their time is actually being used towards working, as compared to sitting idle while the pay clock ticks and they are actually doing other things in their remote, often home, office.  The one disadvantage of using remote workers is that it is hard to verify/monitor their activities.
Question by:hconant
4 Comments
 
LVL 5

Expert Comment

by:AdamJur
ID: 36532145
You need to enable auditing of success/failures for logins - yes this will flood the event log but without parsing via scripts or 3rd party software to auto-notify you of logon events then you're at a loss.

To view remote sessions, log into the console of the server:
    mstsc.exe /admin [2008r2]
    mstsc.exe /v:servername [2003]

Once logged into the console open the RDP-TCP Properties.

2008 steps:  Start - Run >    tsconfig.msc
Right-click RDP-Tcp
Go to the Remote Control tab
Use Remote Control with the following:
    Uncheck require permissions

You can choose whether to enable interaction, but it's a dead giveaway they are being snooped on if their mouse starts moving. ;p

If that fails, you will also need to check the user's Active Directory properties. Locate the user and click their 'Remote Control' tab. Modify the checks as needed.

Disabling this for the user at this level leaves them vulnerable if they log into other terminal servers.
i.e. say Joe the contractor has been stripped of 'require permission' by you - the domain admin - if he logs into another terminal server in engineering, one that you don't need to snoop on - and one of the admins of engineering did the same to his RDP-Tcp setting, then the engineering admin could view Joe's session even though he didn't make any changes. Be careful.

-adam
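
As an added example (not part of the original answer), the script-based parsing mentioned above can be done with a PowerShell filter that reduces the flooded Security log to Remote Desktop logons and logoffs. It assumes logon auditing is enabled and relies on event IDs 4624 (logon) and 4634 (logoff) with logon type 10 (RemoteInteractive); the function name ConvertTo-RdpSessionRecord and the sample events are constructed for illustration.

```powershell
# Added example, not from the thread. Function name and sample events are constructed.
# 4624 = logon, 4634 = logoff; LogonType 10 = RemoteInteractive (Remote Desktop).
$Actions = @{ '4624' = 'logon'; '4634' = 'logoff' }

function ConvertTo-RdpSessionRecord {
    param([Parameter(ValueFromPipeline = $true)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        $id  = [string]$evt.System.EventID
        if (-not $Actions.ContainsKey($id)) { return }

        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Drop service, network and batch logons; keep RDP sessions only.
        if ($data['LogonType'] -ne '10') { return }

        New-Object PSObject -Property @{
            Time     = $evt.System.TimeCreated.SystemTime
            User     = $data['TargetUserName']
            Action   = $Actions[$id]
            SourceIP = $data['IpAddress']   # not present on 4634 logoff events
        } | Select-Object Time, User, Action, SourceIP
    }
}

# Constructed sample events, trimmed to the fields used above.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sample = @(
    "<Event xmlns='$ns'><System><EventID>4624</EventID><TimeCreated SystemTime='2011-09-13T14:02:11Z'/></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='LogonType'>10</Data><Data Name='IpAddress'>192.0.2.10</Data></EventData></Event>",
    "<Event xmlns='$ns'><System><EventID>4624</EventID><TimeCreated SystemTime='2011-09-13T14:05:40Z'/></System><EventData><Data Name='TargetUserName'>svc_backup</Data><Data Name='LogonType'>5</Data><Data Name='IpAddress'>-</Data></EventData></Event>",
    "<Event xmlns='$ns'><System><EventID>4634</EventID><TimeCreated SystemTime='2011-09-13T17:31:02Z'/></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='LogonType'>10</Data></EventData></Event>"
)

# The service logon (type 5) is filtered out; only the two RDP records remain.
$sample | ConvertTo-RdpSessionRecord | Format-Table -AutoSize

# On the server itself, from an elevated prompt, feed the live log instead:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4634} |
#     ForEach-Object { $_.ToXml() } | ConvertTo-RdpSessionRecord
```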
 

Author Comment

by:hconant
ID: 36533031
I logged on with two RDP sessions for different users to test this.  There is only one RDP-Tcp session showing at a time under the Connections section.  I saw the settings you were referring to there.  Now I just don't know how to locate and Remote Control the other user's (or any other user's) session.  In this test there should have only been two users, myself as Administrator, and one other.
 
LVL 5

Accepted Solution

by:
AdamJur earned 500 total points
ID: 36537073
To remote into another user's session you must open tsadmin:
Start>  tsadmin.msc

From here you will see logged-in sessions and can right-click a user's account to monitor.
 

Author Closing Comment

by:hconant
ID: 36548208
Very helpful. Thanks
Question has a verified solution.
