1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

logging who has logged into the Terminal Server

Discussion in 'Windows Home Server' started by Cary Shultz, Aug 19, 2009.

  1. Cary Shultz

    Cary Shultz Guest

    Good evening!

    Other than enabling Auditing (which would show us the 528 - Type 10 Logons)
    on the Terminal Servers is there another way to log who accesses specific
    Terminal Server boxes? Er, 95% of the users are accessing the TS box
    internally......

    Now, same question - but assume that 99% of the users are accessing the TS
    Box externally.

    Thanks!

    Cary
     
    Cary Shultz, Aug 19, 2009
    #1
  3. Cary Shultz

    Cary Shultz Guest

    Okay....I looked around on our Terminal Servers and figured it out. The one
    place where I did not initially look was the Advanced button on the Security
    Tab (on the Terminal Services Configuration MMC). Stupid me! I have
    enabled auditing in a ton of other places (file servers, for example).
    Anyway, that was pretty much it.

    Also found a post from Vera (Hello, Vera!) where she mentioned the
    LogTSLogOff and LogRemoteControl registry entries.....put those in place as
    well.

    I am not sure that I understand the need to enable the Auditing (in the
    Terminal Services Configuration MMC) and make the registry entries. I did
    look on the Terminal Servers and there were a ton of 528s already (I already
    had the Auditing enabled via GPO). Does the "Advanced button on the
    Security tab" entry (selected EVERYONE and did success for Logon, Logoff,
    Remote Control and disconnect) simply add a couple more things that the
    Auditing does not natively log (like, the remote control and disconnects)?

    Thanks all!

    "Cary Shultz" <cshultz@outsourceit.com> wrote in message
    news:OpHfrMTIKHA.3708@TK2MSFTNGP02.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Good evening!
    >
    > Other than enabling Auditing (which would show us the 528 - Type 10
    > Logons) on the Terminal Servers is there another way to log who accesses
    > specific Terminal Server boxes? Er, 95% of the users are accessing the TS
    > box internally......
    >
    > Now, same question - but assume that 99% of the users are accessing the TS
    > Box externally.
    >
    > Thanks!
    >
    > Cary <!--colorc--><!--/colorc-->
     
    Cary Shultz, Aug 20, 2009
    #2
  4. RandyH

    RandyH Guest

    Cary,

    The way I record logons/logoffs is: I have a logon/logoff GPO script
    applied to the server.

    Logon.bat
    echo LOGON %computername% - %username% %date% %time% >>
    \\ServerName\ShareName\%username%.log

    Logoff.bat
    echo logoff %computername% - %username% %date% %time% >>
    \\ServerName\ShareName\%username%.log

    This works great for us, we keep a running logfile of each user and can see
    when and how long there were signed on.


    RandyH



    "Cary Shultz" <cshultz@outsourceit.com> wrote in message
    news:OD3NdCYIKHA.3708@TK2MSFTNGP02.phx.gbl...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Okay....I looked around on our Terminal Servers and figured it out. The
    > one place where I did not initially look was the Advanced button on the
    > Security Tab (on the Terminal Services Configuration MMC). Stupid me! I
    > have enabled auditing in a ton of other places (file servers, for
    > example). Anyway, that was pretty much it.
    >
    > Also found a post from Vera (Hello, Vera!) where she mentioned the
    > LogTSLogOff and LogRemoteControl registry entries.....put those in place
    > as well.
    >
    > I am not sure that I understand the need to enable the Auditing (in the
    > Terminal Services Configuration MMC) and make the registry entries. I did
    > look on the Terminal Servers and there were a ton of 528s already (I
    > already had the Auditing enabled via GPO). Does the "Advanced button on
    > the Security tab" entry (selected EVERYONE and did success for Logon,
    > Logoff, Remote Control and disconnect) simply add a couple more things
    > that the Auditing does not natively log (like, the remote control and
    > disconnects)?
    >
    > Thanks all!
    >
    > "Cary Shultz" <cshultz@outsourceit.com> wrote in message
    > news:OpHfrMTIKHA.3708@TK2MSFTNGP02.phx.gbl...<!--coloro:green--><span style="color:green <!--/coloro-->
    >> Good evening!
    >>
    >> Other than enabling Auditing (which would show us the 528 - Type 10
    >> Logons) on the Terminal Servers is there another way to log who accesses
    >> specific Terminal Server boxes? Er, 95% of the users are accessing the
    >> TS box internally......
    >>
    >> Now, same question - but assume that 99% of the users are accessing the
    >> TS Box externally.
    >>
    >> Thanks!
    >>
    >> Cary<!--colorc--><!--/colorc-->
    > <!--colorc--><!--/colorc-->
     
    RandyH, Sep 2, 2009
    #3

Share This Page