Is it possible to enable logging of RDP connections / disconnections under Windows XP and Windows 7?
10,346
I dont know if there's something specific for RDP, btw you could
- enable an Audit Policy for Logons on the workstation (you can do it via GPO if you're on a Active Directory domain or you can do it on a single workstation editing its Local Security Policy)
- check Events in Security with Event Code = 528 (User logged in) and Logon Type = 10 (Remote Interactive, so RDP like connections)
you can query Events i.e. using LogParser (GUI here) and maybe load them in a DB for future analysis
Related videos on Youtube
06 : 35
Windows XP - Remote Desktop
03 : 00
How to Enable Remote Desktop in Windows 7
04 : 18
Remote Desktop Connection Logging off versus Disconnecting
00 : 47
RDP Log off vs Disconnect
02 : 56
How to keep running rdp session alive after disconnect Windows 7
01 : 30
Is it possible to enable logging of RDP connections / disconnections under Windows XP and...
05 : 49
Configure and use your Windows 7 Remote Access - Remote Desktop Connection Software
Comments
-
Jon Cage over 1 year
As the title suggests, I'm trying to keep an eye on RDP connections / disconnections to a couple of machines. One's running Windows XP and one's running Windows 7.
I've checked the event logs on the Windows XP machine and there's nothing mentioned in there. Is it just a Windows 2003 Server feature?
-
Jon Cage about 14 yearsThanks. I'm using Python to parse the loging messages as part of a larger suite of applications (no need to use logparser).