Solved

How to enable audit and viewand monitor  the RDP users to the server

Posted on 2014-02-24
8
397 Views
Last Modified: 2014-05-26
I need to audit who access the server using the Remote Desktop Protocol. I want to see from which PC/IP and what time they connected. How can I enable this in windows 2008 and 2012 server. I have AD 2008 R2.
0
Comment
Question by:jobby1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 10

Accepted Solution

by:
Alex Green earned 100 total points
ID: 39882248
ObserveIT is pretty decent

http://www.observeit.com/
0
 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882259
You should visit the link below to have a better idea. Also, to be really honest FREE solution isn't there at all unless you are ready to stick with windows built-in feature of logs system which isn't good filtered.

Referred link :-
http://serverfault.com/questions/206085/are-there-any-rdp-activity-logs-windows-server-2008-r2
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39882294
> I want to see from which PC/IP and what time they connected.

This info can be available from firwall logs. Has the 2008 sever enabled logging on the LAN adapter?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882914
in fact this info is also available in EVENT logs regarding who accessed the server what time and from which IP.
0
 

Author Comment

by:jobby1
ID: 39884843
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39887552
One benefits of checking syslog or other firewall logs similar to syslog is for search ability. You can't simply do a full-text search aganist Windows Event Logs.

Windows Event Logs does provide some kind of searching fucntion: filter, but it however does not support full-text search and you have to deal with multple GUI fields for a simple search.
0
 

Author Comment

by:jobby1
ID: 39910650
How can I enable the auditing for RDP logins.
0
 
LVL 7

Expert Comment

by:peea
ID: 40091843
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question