Pau Lo
asked on
windows server last access timestamp (RDP)
Is there a relatively easy way to determine the last time an officer last logged on (e.g RDP) to a windows server? I need to verify a list of officers with admin access to a server and need some stats on last access to help flag potential inappropriate assignment of admin rights.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have auditing enabled then you will have events in the event logs and also you can configure an alert, looking for those particular events.
Check if this point you:
How to keep track of privileged user accounts in Active Directory:
https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory
Check if this point you:
How to keep track of privileged user accounts in Active Directory:
https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events
Then monitor our forward your event log for event 528.