• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Real time monitoring user activety and login/out W server 2008R2 HV

I want to try to accomplish two things.  I would like to simply see a log of which users login in/out to a W2008 server.  I know I can look at the server logs but that is a bit to weed through all the other login/out entries.  Separately I would like to be able to shadow a users session.  I've used VNC but that is visible to the user.  I have workers who log into a remote server with remote desktop and it is hard to ascertain how much of their time is actually being used towards working, as compared to sitting idle while the pay clock ticks and they are actually doing other things in their remote, often home office.  That is the one disadvantage of using remote workers is it is hard to verify/monitor their activities.
0
hconant
Asked:
hconant
  • 2
  • 2
1 Solution
 
AdamJurCommented:
You need to enable auditing of success/failures for logins - yes this will flood the event log but without parsing via scripts or 3rd party software to auto-notify you of logon events then you're at a loss.

 to view remote sessions, log into the console of the server.  mstsc.exe /admin [2008r2]    mstsc.exe /v:servername [2003]

Once logged into the console open the RDP-TCP Properties.

2008 steps:  Start - Run >    tsconfig.msc
right click RDP-Tcp
go to remote-Control tab
use Remote Control with the following:
    uncheck require permissions

You can choose whether to enable interaction but its a dead giveaway they are being snooped on if their mouse starts moving. ;p

If that fails  you will also need to check the users' Active Directory properties. Locate the user and click their 'remote control' tab. Modify the checks as needed.

Disabling this for the user at this level leaves them vulnerable if they log into other terminal servers.
ie. say joe the contractor has been stripped of 'require permission' from you - the domain admin - if he logs into another terminal server in engineering, one that you dont need to snoop on - and one of the admins of engineering did the same to his RDP-tcp setting then the engineering admin could view joes session even though he didnt make any changes. be careful.

-adam
0
 
hconantAuthor Commented:
I logged on with two RDP sessions for different users to test this.  There is only one RDP-Tcp session showing at a time under the Connections section.  I saw the settings you were referring to there.  Now I just don't know how to locate and Remote Control the other users (or any other users) session.  In this test there should have only been two users, myself as Administrator, and one other.
0
 
AdamJurCommented:
to remote into another users's session you must open tsadmin
Start>  tsadmin.msc

From here you will see logged in sessions and can right click a users' account to monitor.
0
 
hconantAuthor Commented:
Very helpful. Thanks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now