Solved

How to enable audit and viewand monitor  the RDP users to the server

Posted on 2014-02-24
8
400 Views
Last Modified: 2014-05-26
I need to audit who access the server using the Remote Desktop Protocol. I want to see from which PC/IP and what time they connected. How can I enable this in windows 2008 and 2012 server. I have AD 2008 R2.
0
Comment
Question by:jobby1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 12

Accepted Solution

by:
Alex Green earned 100 total points
ID: 39882248
ObserveIT is pretty decent

http://www.observeit.com/
0
 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882259
You should visit the link below to have a better idea. Also, to be really honest FREE solution isn't there at all unless you are ready to stick with windows built-in feature of logs system which isn't good filtered.

Referred link :-
http://serverfault.com/questions/206085/are-there-any-rdp-activity-logs-windows-server-2008-r2
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39882294
> I want to see from which PC/IP and what time they connected.

This info can be available from firwall logs. Has the 2008 sever enabled logging on the LAN adapter?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882914
in fact this info is also available in EVENT logs regarding who accessed the server what time and from which IP.
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39887552
One benefits of checking syslog or other firewall logs similar to syslog is for search ability. You can't simply do a full-text search aganist Windows Event Logs.

Windows Event Logs does provide some kind of searching fucntion: filter, but it however does not support full-text search and you have to deal with multple GUI fields for a simple search.
0
 

Author Comment

by:jobby1
ID: 39910650
How can I enable the auditing for RDP logins.
0
 
LVL 7

Expert Comment

by:peea
ID: 40091843
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question