
Real time monitoring user activity and login/out W server 2008R2 HV

Posted on 2011-09-13
Last Modified: 2012-05-12
I want to try to accomplish two things.  I would like to simply see a log of which users log in/out of a W2008 server.  I know I can look at the server logs, but that is a bit much to weed through with all the other login/out entries.  Separately, I would like to be able to shadow a user's session.  I've used VNC but that is visible to the user.  I have workers who log into a remote server with remote desktop, and it is hard to ascertain how much of their time is actually being used towards working, as compared to sitting idle while the pay clock ticks and they are actually doing other things in their remote, often home, office.  The one disadvantage of using remote workers is that it is hard to verify/monitor their activities.
Question by:hconant

Expert Comment

by:AdamJur
ID: 36532145
You need to enable auditing of success/failures for logins - yes this will flood the event log but without parsing via scripts or 3rd party software to auto-notify you of logon events then you're at a loss.

To view remote sessions, log into the console of the server:

    mstsc.exe /admin          [2008r2]
    mstsc.exe /v:servername   [2003]

Once logged into the console open the RDP-TCP Properties.

2008 steps:
    Start - Run > tsconfig.msc
    Right click RDP-Tcp
    Go to the Remote Control tab
    Use Remote Control with the following:
        uncheck require permissions

You can choose whether to enable interaction, but it's a dead giveaway they are being snooped on if their mouse starts moving. ;p

If that fails you will also need to check the users' Active Directory properties. Locate the user and click their 'remote control' tab. Modify the checks as needed.

Disabling this for the user at this level leaves them vulnerable if they log into other terminal servers.
i.e. say Joe the contractor has been stripped of 'require permission' by you - the domain admin - if he logs into another terminal server in engineering, one that you don't need to snoop on - and one of the admins of engineering did the same to his RDP-Tcp setting, then the engineering admin could view Joe's session even though he didn't make any changes. Be careful.

-adam
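
The answer above notes that logon auditing floods the event log unless it is parsed by a script. The following is an added example, not part of the original thread: a PowerShell script that pairs Remote Desktop logons (event 4624, logon type 10) with their logoffs (4634/4647) by logon ID. The one-day look-back window and all variable names are assumptions.

```powershell
# Added example: list RDP sessions (logon/logoff pairs) from the Security log.
# Needs the "Audit logon events" policy enabled and an elevated prompt.
$since = (Get-Date).AddDays(-1)          # assumed look-back window

# 4624 = logon, 4634 = logoff, 4647 = user-initiated logoff
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624, 4634, 4647
    StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

$open = @{}                              # TargetLogonId -> pending logon
$report = foreach ($e in $events) {
    # Read the EventData fields by name instead of by position
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $d[$n.Name] = $n.'#text'
    }
    $id = $d['TargetLogonId']

    if ($e.Id -eq 4624) {
        # LogonType 10 = RemoteInteractive (Remote Desktop); skip the rest
        if ($d['LogonType'] -eq '10') {
            $open[$id] = New-Object PSObject -Property @{
                User   = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
                Source = $d['IpAddress']
                Logon  = $e.TimeCreated
            }
        }
    }
    elseif ($id -and $open.ContainsKey($id)) {
        # First logoff event for a tracked RDP logon closes the session
        $s = $open[$id]
        $open.Remove($id)
        New-Object PSObject -Property @{
            User    = $s.User;  Source = $s.Source
            Logon   = $s.Logon; Logoff = $e.TimeCreated
            Minutes = [math]::Round(($e.TimeCreated - $s.Logon).TotalMinutes, 1)
        }
    }
}

# Closed sessions first, then logons that have no logoff yet
$report | Format-Table User, Source, Logon, Logoff, Minutes -AutoSize
$open.Values | Format-Table User, Source, Logon -AutoSize
```

Session length here is the time between logon and logoff, not time spent active; a disconnected or idle session still counts until the user logs off.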

Author Comment

by:hconant
ID: 36533031
I logged on with two RDP sessions for different users to test this.  There is only one RDP-Tcp session showing at a time under the Connections section.  I saw the settings you were referring to there.  Now I just don't know how to locate and Remote Control the other user's (or any other user's) session.  In this test there should have only been two users, myself as Administrator, and one other.

Accepted Solution

by:
AdamJur earned 2000 total points
ID: 36537073
To remote into another user's session you must open tsadmin:
Start > tsadmin.msc

From here you will see logged-in sessions and can right click a user's account to monitor.

Author Closing Comment

by:hconant
ID: 36548208
Very helpful. Thanks