Solved

Real time monitoring user activety and login/out W server 2008R2 HV

Posted on 2011-09-13
4
301 Views
Last Modified: 2012-05-12
I want to try to accomplish two things.  I would like to simply see a log of which users login in/out to a W2008 server.  I know I can look at the server logs but that is a bit to weed through all the other login/out entries.  Separately I would like to be able to shadow a users session.  I've used VNC but that is visible to the user.  I have workers who log into a remote server with remote desktop and it is hard to ascertain how much of their time is actually being used towards working, as compared to sitting idle while the pay clock ticks and they are actually doing other things in their remote, often home office.  That is the one disadvantage of using remote workers is it is hard to verify/monitor their activities.
0
Comment
Question by:hconant
  • 2
  • 2
4 Comments
 
LVL 5

Expert Comment

by:AdamJur
ID: 36532145
You need to enable auditing of success/failures for logins - yes this will flood the event log but without parsing via scripts or 3rd party software to auto-notify you of logon events then you're at a loss.

 to view remote sessions, log into the console of the server.  mstsc.exe /admin [2008r2]    mstsc.exe /v:servername [2003]

Once logged into the console open the RDP-TCP Properties.

2008 steps:  Start - Run >    tsconfig.msc
right click RDP-Tcp
go to remote-Control tab
use Remote Control with the following:
    uncheck require permissions

You can choose whether to enable interaction but its a dead giveaway they are being snooped on if their mouse starts moving. ;p

If that fails  you will also need to check the users' Active Directory properties. Locate the user and click their 'remote control' tab. Modify the checks as needed.

Disabling this for the user at this level leaves them vulnerable if they log into other terminal servers.
ie. say joe the contractor has been stripped of 'require permission' from you - the domain admin - if he logs into another terminal server in engineering, one that you dont need to snoop on - and one of the admins of engineering did the same to his RDP-tcp setting then the engineering admin could view joes session even though he didnt make any changes. be careful.

-adam
0
 

Author Comment

by:hconant
ID: 36533031
I logged on with two RDP sessions for different users to test this.  There is only one RDP-Tcp session showing at a time under the Connections section.  I saw the settings you were referring to there.  Now I just don't know how to locate and Remote Control the other users (or any other users) session.  In this test there should have only been two users, myself as Administrator, and one other.
0
 
LVL 5

Accepted Solution

by:
AdamJur earned 500 total points
ID: 36537073
to remote into another users's session you must open tsadmin
Start>  tsadmin.msc

From here you will see logged in sessions and can right click a users' account to monitor.
0
 

Author Closing Comment

by:hconant
ID: 36548208
Very helpful. Thanks
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Every system administrator encounters once in while in a problem where the solution seems to be a needle in haystack.  My needle was an anti-virus version causing problems with my Exchange server. I have an HP DL350 with Windows Server 2008 Stand…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now