RDP LOG Windows 7


I have a PC with RDP enabled for remote access
Is there any way to have a log of remote connections? Date and time of every remote connection via RDP ?

Thank you
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Your best bet is to go through the computer's security log to get that information.  In some environments, what they do is put in a user logon policy where time and date is entered.  The logon script could be as simple as below:

echo Username:  %username%   RDP Server:  %computername% Logon Date:  %date%  Time:   %time% >> \\server\sharedrive\logon.txt

The same would be true for logoff.  You could write a batch file to export it at the end of the day to a different filename so that you get a separate file for each day.
gadsadAuthor Commented:
in the computer security log it seems that Event ID 4624 (open a session) and Event ID 4634 (close a session) are reported many more times that actual RDP connections and disconnections.  Do you know why ?  

Your sript is a good idea but how do I make it automatic at logon and logoff ?

If I just "RDP disconnect" whitout logout the script will not work right?
Any way to make a similar script for RDP connections/disconnections?

Thank you
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
You can create two Group Policies, one for logon and one for logoff.  These will be user logon and logoff policies, you will apply it to all users but either filter it to the RDP servers or put your RDP servers in a separate OU and apply the policy there (in any case, you should have your RDP servers in a separate OU for application of policies).  The policy will run the batch files as specified and ensure to have a share where users will have modify privileges (make a hidden share, i.e. \\servername\sharename$).  Below is instructions on how to create Group Policies:

The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

gadsadAuthor Commented:
It is not an RDP server but a Windows 7 Pro PC remote user using "remote desktop"  
I prefer not to use Croup Policies (not familiar with that)

Any other solution?
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
It is very easy to do it via local policy.  This is what you do:

1.  Create logon script in folder C:\Windows\System32\GroupPolicy\User\Scripts\Logon (i.e. logonscript.cmd)
2.  Create logoff script in folder C:\Windows\System32\GroupPolicy\User\Scripts\Logoff (i.e. logoffscript.cmd)
3.  On the Windows 7 computer, click on Start, Run gpedit.msc
4.  Expand Local Computer Policy, User Configuration, Scripts (Logon/Logoff)
5.  Double click on Logon on the right side of the screen, click on Add, Browse and double click on logonscript.cmd
6.  Perform step above for logoff
7.  You are done
gadsadAuthor Commented:
In my computer the folder C:\WIndows\System32\GroupPolicy is empty
Should I create User\Scripts\Logon and Logoff ? with "user" or the actual user name?
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Run GPEDIT.MSC and it may create the directories.  Via the GPEDIT.MSC, you can create the files directly.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gadsadAuthor Commented:
It works and its a good solution for me
THank you very much
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
I am glad it worked for you. Thanks for the points.
gadsadAuthor Commented:
Very Strange. It worked perfectly on windows 7 PRO (test station).

But now I tried same thing exactly on a Windows 8.1 computer and only Logoff script works. Login script does not works

Logonscript.cmd  works fine when executed directly (il registrate an entry in log file) but is not executed while actually opening the session (via RDP) (no line registered in log file)

Logoffscript.cmd works fine while closing the session (via RDP) (it do registrate an entry in log file)

Strange. Any Idea?
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
I will try next week on a Windows 8 computer.  Another way to do it would be to use PowerShell to run tasks at specified times which will extract the event logs to a text file.
gadsadAuthor Commented:
OK, thank you very much
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.