find user disconnection time in RDP session Windows server 2012

windows powershell cmd taskmanager
18,919

Solution 1

As far as I know this is not in the security logs. The correct place to look for is in Microsoft Event Viewer under Applications and Services Logs => Microsoft => Windows => TerminalServices-LocalSessionManager => Operational and then under the Operational logs.

The eventID to look for is ID24 (disconnected user session). EventID 25 is a reconnect.

Solution 2

You can use windows command query user UserName /server:ServerName or you can just enter query user /server:ServerName to find out all active or disconnected sessions.

Below is the sample output, I have blurred out my info for privacy:

enter image description here

I have also created a PowerShell script to do this task automatically, here is the link Powershell to find out disconnected RDP session and log off at the same time

Solution 3

You can start the Windows Event Viewer and check under Windows logs --> Security. Filter by 'Task Category = Logoff'.

You can export it to xml for easier reading.

enter image description here

Share:
18,919
Naigel
Author by

Naigel

I've always had a passion for IT related stuffs. Suddenly I found myself as a computer engineering student, then I accidentally started my career as system engineer, then evolved into a data analyst and finally reached the status of computer scientist. What does this exactly mean? Well... not sure yet, I guess it's like being a software engineer who understand some theoretical computer science.

Updated on July 03, 2022

Comments

  • Naigel
    Naigel almost 2 years

    We have a pool of develop machines where developers log in through RDP and usually they doesn't log off but just disconnect. As local administrator I can force the log off but I would like to check when the user disconnected.

    From task manager I can see only the user name and its status

    enter image description here

    Is there a way to discover when the user disconnected using task manager, powershell, cmd or whatever?

  • Patrick
    Patrick over 8 years
    Why don't you edit your previous answer and include this, instead of posting two answers (which are the same)?
  • Naigel
    Naigel over 8 years
    ok answer nearly correct, of course I can't find the logoff because he didn't logged off, but just disconnected. Anyway I can't find any details, my security logs history is just too short
  • bluuf
    bluuf over 8 years
    a Logoff is something completely different as a disconnect in RDP.
  • Naigel
    Naigel over 8 years
    perfect, thank you! I corrected the path, it was incomplete. In that view I can find only real user connection, exactly what I was looking for

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Flutter stuck on 'flutter' command - no output to console and it doesn't ever finish
How to create symbolic links for multiple files in multiple folders using command prompt or power shell?
How to start PowerShell script from BAT file with proper Working Directory?
%~dp0 equivalent in powershell (using Expand-Archive cmdlet)
How to keep remote powershell command alive after session end?
Detecting if a program is installed and where using cmd.exe
How to get the error code (ErrorLevel) from PowerShell into Windows command prompt?
cmd / powershell: minimize all windows on your desktop except for current command prompt (console) or except for some particular window
Add wifi profile with password in windows programmatically
How do I pass arguments or variables from one powershell script to another?