<div>
You would have to enable auditing of logon events on every RDS Host.<br />
<a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events" rel="ugc">https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events</a><br />
<br />
Then monitor our forward your event log for event 528.
</div>


You would have to enable auditing of logon events on every RDS Host.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events [https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events]

Then monitor our forward your event log for event 528.

Pau Lo

<div>
If you have auditing enabled then you will have events in the event logs and also you can configure an alert, looking for those particular events.<br />
<br />
Check if this point you:<br />
<br />
How to keep track of privileged user accounts in Active Directory:<br />
<a href="https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory" rel="ugc">https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory</a>
</div>


If you have auditing enabled then you will have events in the event logs and also you can configure an alert, looking for those particular events.

Check if this point you:

How to keep track of privileged user accounts in Active Directory:
https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory [https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory]

<div>
<div class="content wysiwyg-content">
Is there a relatively easy way to determine the last time an officer last logged on (e.g RDP) to a windows server? I need to verify a list of officers with admin access to a server and need some stats on last access to help flag potential inappropriate assignment of admin rights.
</div>
</div>


Is there a relatively easy way to determine the last time an officer last logged on (e.g RDP) to a windows server? I need to verify a list of officers with admin access to a server and need some stats on last access to help flag potential inappropriate assignment of admin rights.

windows server last access timestamp (RDP)

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.