You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
desired.
Note, some folks have XP boxes setup to login without a password. Logging in without a password
counts as a "failure". This results in the security log filling up very fast if you log failures and
have a user without a password. I fell into that trap while testing a new XP Pro box a while back.
The result is you can not login normally. Also note, not having a password is a potential and
probable security risk.
The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".
You can look for the "Logon type 10" in the Event Properties which indicates "A user logged on to
this computer remotely using Terminal Services or a Remote Desktop connection".
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program -
http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
