Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to enable audit and viewand monitor  the RDP users to the server

Posted on 2014-02-24
8
396 Views
Last Modified: 2014-05-26
I need to audit who access the server using the Remote Desktop Protocol. I want to see from which PC/IP and what time they connected. How can I enable this in windows 2008 and 2012 server. I have AD 2008 R2.
0
Comment
Question by:jobby1
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 9

Accepted Solution

by:
Alex Green earned 100 total points
ID: 39882248
ObserveIT is pretty decent

http://www.observeit.com/
0
 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882259
You should visit the link below to have a better idea. Also, to be really honest FREE solution isn't there at all unless you are ready to stick with windows built-in feature of logs system which isn't good filtered.

Referred link :-
http://serverfault.com/questions/206085/are-there-any-rdp-activity-logs-windows-server-2008-r2
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39882294
> I want to see from which PC/IP and what time they connected.

This info can be available from firwall logs. Has the 2008 sever enabled logging on the LAN adapter?
0
ScreenConnect 6.0 Free Trial

Discover new time-saving features in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

 
LVL 12

Assisted Solution

by:ibrahim52
ibrahim52 earned 200 total points
ID: 39882914
in fact this info is also available in EVENT logs regarding who accessed the server what time and from which IP.
0
 

Author Comment

by:jobby1
ID: 39884843
0
 
LVL 7

Assisted Solution

by:peea
peea earned 200 total points
ID: 39887552
One benefits of checking syslog or other firewall logs similar to syslog is for search ability. You can't simply do a full-text search aganist Windows Event Logs.

Windows Event Logs does provide some kind of searching fucntion: filter, but it however does not support full-text search and you have to deal with multple GUI fields for a simple search.
0
 

Author Comment

by:jobby1
ID: 39910650
How can I enable the auditing for RDP logins.
0
 
LVL 7

Expert Comment

by:peea
ID: 40091843
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question