Best way to monitor RDP sessions?

Discussion in 'OT Technology' started by 95vr4, Feb 15, 2008.

  1. 95vr4

    95vr4 OT Supporter

    Joined: Oct 6, 2004; Messages: 2,513; Likes Received: 0; Location: Weddington, NC

    My dad wants to check if/when a certain user logs onto his server at work (Windows 2003) through RDP.

    Under the Domain Controller Security Policy I enabled auditing on "Audit account logon events" and "Audit logon events" <--wasn't sure which one I needed

    ^^now it's showing a few logon/logoff events every few minutes for just about every user (including some users I know aren't logged on locally)

    Is there a better way to do it? Is there a way to just log RDP sessions and not local domain logons?

    Thanks for any help :wavey:
     
  2. P07r0457

    P07r0457 New Member

    Joined: Sep 20, 2004; Messages: 28,491; Likes Received: 0; Location: Southern Oregon

    I would create a logon batch that runs when users login via TS, and then it can do whatever you needed done.

    If you just want to see who's connected via TS at any given time, then run "query user" from a command line on the server (use telnet or RDP to run remotely)
     
  3. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined: Mar 14, 2000; Messages: 14,519; Likes Received: 1; Location: Vancouver, BC, CANADA

    .

    It can be as simple as:

    echo %date% %time%,%username% >> c:\log.txt

    Just be sure they have permissions to write to whatever directory you choose.
     
  4. 95vr4

    95vr4 OT Supporter

    Thanks, I'll give that a shot. Just append it to the usrlogon.bat file that already runs? Which account needs the permissions? The TS users account?

    .bat won't run vbscript will it?

    pUserName=%username%
    if pUserName="nameofpersonIwanttoMonitor" then
    echo %date% %time%,%username% >> c:\log.txt
    end if

    ^^is there a way to do that in a .bat?

    Thanks
     
  5. P07r0457

    P07r0457 New Member

    cscript \\path\to\script.vbs
     
  6. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    If you're using batch file logon scripts then yes, just add it to the end of it. The user logging in needs permissions to write to the file, but if you bury it in a parent that they don't have access to they won't be able to open it unless they know the full path. Or you can set write but not read permissions on the file (I think). A batch file can run a vbs script, and vice versa.

    If you want to check one person then you can use:

    if "%username%"=="usernameyouwanttocheck" echo %date% %time%,%username% >> c:\log.txt

    If you want to check multiple names, you can create a file of users (c:\users.txt in this case):

    find "%username%" c:\users.txt
    if not errorlevel 1 echo %date% %time%,%username% >> c:\log.txt
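
An added example, not part of the thread: a logon-script fragment that records a logon only when it arrives over RDP and the user is on a watch list, which is what the first post asked for. The paths under C:\AuditLogs are assumptions, and users need append rights on the log file.

```batch
@echo off
rem Added example, not code from the thread.
rem Logs watched users only, and only for RDP/Terminal Services logons.
setlocal

rem Assumed locations; adjust for the server. One user name per line in WATCHLIST.
set "WATCHLIST=C:\AuditLogs\users.txt"
set "LOGFILE=C:\AuditLogs\rdp-logons.csv"

rem SESSIONNAME is "Console" for a local logon and "RDP-Tcp#<n>" over RDP.
if not defined SESSIONNAME goto :done
if /i not "%SESSIONNAME:~0,7%"=="RDP-Tcp" goto :done

rem /x = whole line must match, /i = ignore case, /l with /c: = literal text.
rem A plain find "%username%" would also match "bobby" when "bob" logs on.
findstr /x /i /l /c:"%USERNAME%" "%WATCHLIST%" >nul 2>&1
if errorlevel 1 goto :done

rem Redirection goes first so a trailing digit in a value is never
rem parsed as a file-handle number.
>>"%LOGFILE%" echo %DATE% %TIME%,%USERNAME%,%CLIENTNAME%,%SESSIONNAME%

:done
endlocal
```

The script runs as the user logging on, so that user can alter or bypass the file. With "Audit logon events" enabled on Windows 2003, the Security log records the same RDP logons as event 528 with Logon Type 10.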
     
