Avatar of Pau Lo
Pau Lo
 asked on

windows server last access timestamp (RDP)

Is there a relatively easy way to determine the last time an officer last logged on (e.g RDP) to a windows server? I need to verify a list of officers with admin access to a server and need some stats on last access to help flag potential inappropriate assignment of admin rights.
Windows OSWindows Server 2012Windows Server 2008OS Security

Avatar of undefined
Last Comment
austin minor

8/22/2022 - Mon
Huig Guijt

You would have to enable auditing of logon events on every RDS Host.
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events

Then monitor our forward your event log for event 528.
ASKER CERTIFIED SOLUTION
McKnife

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
austin minor

If you have auditing enabled then you will have events in the event logs and also you can configure an alert, looking for those particular events.

Check if this point you:

How to keep track of privileged user accounts in Active Directory:
https://community.spiceworks.com/how_to/128307-how-to-keep-track-of-privileged-user-accounts-in-active-directory
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck