Solved

Real time monitoring user activety and login/out W server 2008R2 HV

Posted on 2011-09-13
4
305 Views
Last Modified: 2012-05-12
I want to try to accomplish two things.  I would like to simply see a log of which users login in/out to a W2008 server.  I know I can look at the server logs but that is a bit to weed through all the other login/out entries.  Separately I would like to be able to shadow a users session.  I've used VNC but that is visible to the user.  I have workers who log into a remote server with remote desktop and it is hard to ascertain how much of their time is actually being used towards working, as compared to sitting idle while the pay clock ticks and they are actually doing other things in their remote, often home office.  That is the one disadvantage of using remote workers is it is hard to verify/monitor their activities.
0
Comment
Question by:hconant
  • 2
  • 2
4 Comments
 
LVL 5

Expert Comment

by:AdamJur
ID: 36532145
You need to enable auditing of success/failures for logins - yes this will flood the event log but without parsing via scripts or 3rd party software to auto-notify you of logon events then you're at a loss.

 to view remote sessions, log into the console of the server.  mstsc.exe /admin [2008r2]    mstsc.exe /v:servername [2003]

Once logged into the console open the RDP-TCP Properties.

2008 steps:  Start - Run >    tsconfig.msc
right click RDP-Tcp
go to remote-Control tab
use Remote Control with the following:
    uncheck require permissions

You can choose whether to enable interaction but its a dead giveaway they are being snooped on if their mouse starts moving. ;p

If that fails  you will also need to check the users' Active Directory properties. Locate the user and click their 'remote control' tab. Modify the checks as needed.

Disabling this for the user at this level leaves them vulnerable if they log into other terminal servers.
ie. say joe the contractor has been stripped of 'require permission' from you - the domain admin - if he logs into another terminal server in engineering, one that you dont need to snoop on - and one of the admins of engineering did the same to his RDP-tcp setting then the engineering admin could view joes session even though he didnt make any changes. be careful.

-adam
0
 

Author Comment

by:hconant
ID: 36533031
I logged on with two RDP sessions for different users to test this.  There is only one RDP-Tcp session showing at a time under the Connections section.  I saw the settings you were referring to there.  Now I just don't know how to locate and Remote Control the other users (or any other users) session.  In this test there should have only been two users, myself as Administrator, and one other.
0
 
LVL 5

Accepted Solution

by:
AdamJur earned 500 total points
ID: 36537073
to remote into another users's session you must open tsadmin
Start>  tsadmin.msc

From here you will see logged in sessions and can right click a users' account to monitor.
0
 

Author Closing Comment

by:hconant
ID: 36548208
Very helpful. Thanks
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description: Actually I found the below issue with some customers after migration from SMS 2003 to SCCM 2007 and epically if they change site code, some clients may appear in the console with old site code, plus old sites still appearing …
The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question