Link to home
Start Free TrialLog in
Avatar of hassanayoub85
hassanayoub85Flag for Lebanon

asked on

Logging Remote Desktop activities to the win2008R2 server

Dear,
How can I Log all Remote Desktop activities to the win2008R2 server?
Thx
Avatar of motnahp00
motnahp00
Flag of United States of America image

Auditing encompasses a lot of areas.

Here's what I configure on my servers:

Audit account logon events -> Success, Failure
Audit account management -> Success, Failure
Audit directory service access - Failure
Audit logon events -> Success, Failure
Audit object access -> Failure
Audit policy change -> Success
Audit privilege use -> Failure
Audit process tracking -> Not defined
Audit system events -> Success
Avatar of hassanayoub85

ASKER

Dear all,
All what I want is to know what IP addresses and MACs for the users logging in to mys erver remotely, and any other info can I achieve.
Thx
Well I'm not 100% you will be able to gather all information like MACS but you will get IP addresses

Another third-party tool http://www.terminalserviceslog.com/blog/index.php/2010/01/11/configuring-auditing-for-windows-servers/
The logs will provide you a hostname. You can get figure out the mac using getmac /s <hostname>.
Does Observe It Allow me to record the activities only when remote connection is running?
No this records all types of events
I am searching for a tool which records only activities for the Remote connected users.
You can NOT just get Remote Desktop Events. There is no such thing as Remote Desktop Auditing you must turn on auditing which audits other Events.
ASKER CERTIFIED SOLUTION
Avatar of hassanayoub85
hassanayoub85
Flag of Lebanon image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
found a faster solution.