Link to home
Start Free TrialLog in
Avatar of Pau Lo
Pau Lo

asked on

windows server last access timestamp (RDP)

Is there a relatively easy way to determine the last time an officer last logged on (e.g RDP) to a windows server? I need to verify a list of officers with admin access to a server and need some stats on last access to help flag potential inappropriate assignment of admin rights.
Avatar of Huig Guijt
Huig Guijt
Flag of Netherlands image

You would have to enable auditing of logon events on every RDS Host.

Then monitor our forward your event log for event 528.
Avatar of McKnife
Flag of Germany image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of austin minor
austin minor

If you have auditing enabled then you will have events in the event logs and also you can configure an alert, looking for those particular events.

Check if this point you:

How to keep track of privileged user accounts in Active Directory: