HOW to log Remote Desktop connection info

Remote Desktop connection is a great utility to access PCs physically away from you with ease. If you are responsible for the security of a Windows machine that can be accessed through Remote Desktop, you have to constantly keep track of the users and their permissions.

To monitor activity of users connecting through RDP, you would have to set up an Audit Policy (see steps). Once set, Security Event Log will note when a remote user logged on or off. From the Event Viewer, a successful Logon/Logoff can be detected by an Event code of 528 and Logon Type of 10

To allow users to connect through RDP, they have to be added explicitly. However, any member of the Administrators group can connect even if they are not listed. A user who no longer requires access should be removed explicitly or his permissions have to be curtailed to prevent any potential abuse. To selectively or wholly remove users, right-click "My Computer", select "Properties", choose the "Remote" tab & make changes accordingly.

On a related note - Did you know, you cannot use Remote Desktop Connection to connect to remote (host) computers running the following editions of Windows Vista:
Windows Vista Starter
Windows Vista Home Basic
Windows Vista Home Premium

Related:
How to Remove Entries from the Remote Desktop Connection Computer Box
Running Windows applets from the command line

Comments

  1. Though Windows RDP is an effective tool, the need for constant configuration and limitations such as inability to connect to certain version specifications are worrisome. Better alternatives are specialized remote desktop solutions such as WebEx, LogMeIn , or RHUB http://www.rhubcom.com, which are easy and convenient to use as well as more secure.

    ReplyDelete

Post a Comment

Popular posts from this blog

Maven Crash Course - Learn Power Query, Power Pivot & DAX in 15 Minutes

"Data Prep & Exploratory Data Analysis" course by Maven Analytics

Oracle Cloud Infrastructure 2024 Generative AI Professional Course & Certification Exam (1Z0-1127-24)