Remote Desktop Connection logs

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Does RDC keep ANY logs at all. errors, connections made...recent connections?
anything at all would be helpful as i have searched and can not find any as
of yet.

Thanks all!
Toybreaker at gmail dot com
 
Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
desired. Note, some folks have XP boxes setup to login without a password. Logging in
without a password counts as a "failure". This results in the security log filling up very fast if
you log failures and have a user without a password. I fell into that trap while testing a new XP
Pro box once. The result is you can not login normally. Also note, not having a password is
a potential and probable security risk.

The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
Administrative Tools" and click on "Event Viewer".

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Thanks for the info. I tested it and found the event. So a 528 with a logon
type of 10 will always be a RDC or TS logon? What i need to know is if the
client keeps any logs of attempted connection whether succesful or failures.
 
If you expand the properties for the 528 event and scroll down in the "Description" window and click
on the "For more information" URL. The resulting windows lists the various logon types. You can test
against that, noting the time for each login attempt using Remote Desktop, by providing wrong
passwords for example to see now logging works... Of course this presumes you setup the audit policy
to also log failures...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
Misread your post...

Hmmm... I have never tested on the client...:-)

Perhaps you could test and report back. That would be a big help to others on this forum...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
 
The Client does not write anything to the event logs when you attempt a
connection. I wa hoping that there would be a .txt or .log file somewhere
that kept that info. I have a hard time believing MS has an app that does
track what you do. oh well..thanks for the info Al...much appreciated...i
learned something!!

Sooner Al said:
Misread your post...

Hmmm... I have never tested on the client...:-)

Perhaps you could test and report back. That would be a big help to others on this forum...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
Click to expand...
 
Toybreaker,

I have this line in my logon.bat file. It writes a text
file to the C drive (you can redirect it elsewhere) of
all logons.
echo %username% %clientname% %date% %time% >> c:\logon.txt
Works for me.

Scott
 
Back
Top