Remote Desktop Connection logs

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Does RDC keep ANY logs at all. errors, connections made...recent connections?
anything at all would be helpful as i have searched and can not find any as
of yet.

Thanks all!
Toybreaker at gmail dot com
--
NEXT!!!
6 answers Last reply
More about remote desktop connection logs
  1. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...

    You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
    to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
    Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
    Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
    desired. Note, some folks have XP boxes setup to login without a password. Logging in
    without a password counts as a "failure". This results in the security log filling up very fast if
    you log failures and have a user without a password. I fell into that trap while testing a new XP
    Pro box once. The result is you can not login normally. Also note, not having a password is
    a potential and probable security risk.

    The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
    Administrative Tools" and click on "Event Viewer".

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Toybreaker" <toybreaker at gmail dot com> wrote in message
    news:053BBE00-AE37-4B6B-85B4-40FFB72C4B67@microsoft.com...
    > Does RDC keep ANY logs at all. errors, connections made...recent connections?
    > anything at all would be helpful as i have searched and can not find any as
    > of yet.
    >
    > Thanks all!
    > Toybreaker at gmail dot com
    > --
    > NEXT!!!
  2. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Thanks for the info. I tested it and found the event. So a 528 with a logon
    type of 10 will always be a RDC or TS logon? What i need to know is if the
    client keeps any logs of attempted connection whether succesful or failures.

    "Sooner Al" wrote:

    > Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...
    >
    > You can setup an Audit Policy using the Group Policy editor to log logon success and failures. Go
    > to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer Policy ->
    > Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
    > Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
    > desired. Note, some folks have XP boxes setup to login without a password. Logging in
    > without a password counts as a "failure". This results in the security log filling up very fast if
    > you log failures and have a user without a password. I fell into that trap while testing a new XP
    > Pro box once. The result is you can not login normally. Also note, not having a password is
    > a potential and probable security risk.
    >
    > The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
    > Administrative Tools" and click on "Event Viewer".
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Toybreaker" <toybreaker at gmail dot com> wrote in message
    > news:053BBE00-AE37-4B6B-85B4-40FFB72C4B67@microsoft.com...
    > > Does RDC keep ANY logs at all. errors, connections made...recent connections?
    > > anything at all would be helpful as i have searched and can not find any as
    > > of yet.
    > >
    > > Thanks all!
    > > Toybreaker at gmail dot com
    > > --
    > > NEXT!!!
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    If you expand the properties for the 528 event and scroll down in the "Description" window and click
    on the "For more information" URL. The resulting windows lists the various logon types. You can test
    against that, noting the time for each login attempt using Remote Desktop, by providing wrong
    passwords for example to see now logging works... Of course this presumes you setup the audit policy
    to also log failures...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Toybreaker" <toybreaker at gmail dot com> wrote in message
    news:782A9A0F-E667-4328-BFA1-6CC25547A3AD@microsoft.com...
    > Thanks for the info. I tested it and found the event. So a 528 with a logon
    > type of 10 will always be a RDC or TS logon? What i need to know is if the
    > client keeps any logs of attempted connection whether succesful or failures.
    >
    > "Sooner Al" wrote:
    >
    >> Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...
    >>
    >> You can setup an Audit Policy using the Group Policy editor to log logon success and failures.
    >> Go
    >> to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer
    >> Policy ->
    >> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
    >> Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
    >> desired. Note, some folks have XP boxes setup to login without a password. Logging in
    >> without a password counts as a "failure". This results in the security log filling up very fast
    >> if
    >> you log failures and have a user without a password. I fell into that trap while testing a new XP
    >> Pro box once. The result is you can not login normally. Also note, not having a password is
    >> a potential and probable security risk.
    >>
    >> The event log can be viewed by going to "Start -> Control Panel -> Performance and Maintenance ->
    >> Administrative Tools" and click on "Event Viewer".
    >>
    >> --
    >> Al Jarvi (MS-MVP Windows Networking)
    >>
    >> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    >> The MS-MVP Program - http://mvp.support.microsoft.com
    >> This posting is provided "AS IS" with no warranties, and confers no rights...
    >>
    >> "Toybreaker" <toybreaker at gmail dot com> wrote in message
    >> news:053BBE00-AE37-4B6B-85B4-40FFB72C4B67@microsoft.com...
    >> > Does RDC keep ANY logs at all. errors, connections made...recent connections?
    >> > anything at all would be helpful as i have searched and can not find any as
    >> > of yet.
    >> >
    >> > Thanks all!
    >> > Toybreaker at gmail dot com
    >> > --
    >> > NEXT!!!
    >>
    >>
  4. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Misread your post...

    Hmmm... I have never tested on the client...:-)

    Perhaps you could test and report back. That would be a big help to others on this forum...

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...

    "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
    news:O5VTRilqEHA.3728@TK2MSFTNGP09.phx.gbl...
    > If you expand the properties for the 528 event and scroll down in the "Description" window and
    > click on the "For more information" URL. The resulting windows lists the various logon types. You
    > can test against that, noting the time for each login attempt using Remote Desktop, by providing
    > wrong passwords for example to see now logging works... Of course this presumes you setup the
    > audit policy to also log failures...
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Toybreaker" <toybreaker at gmail dot com> wrote in message
    > news:782A9A0F-E667-4328-BFA1-6CC25547A3AD@microsoft.com...
    >> Thanks for the info. I tested it and found the event. So a 528 with a logon
    >> type of 10 will always be a RDC or TS logon? What i need to know is if the
    >> client keeps any logs of attempted connection whether succesful or failures.
    >>
    >> "Sooner Al" wrote:
    >>
    >>> Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...
    >>>
    >>> You can setup an Audit Policy using the Group Policy editor to log logon success and failures.
    >>> Go
    >>> to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer
    >>> Policy ->
    >>> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
    >>> Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
    >>> desired. Note, some folks have XP boxes setup to login without a password. Logging in
    >>> without a password counts as a "failure". This results in the security log filling up very fast
    >>> if
    >>> you log failures and have a user without a password. I fell into that trap while testing a new
    >>> XP
    >>> Pro box once. The result is you can not login normally. Also note, not having a password is
    >>> a potential and probable security risk.
    >>>
    >>> The event log can be viewed by going to "Start -> Control Panel -> Performance and
    >>> Maintenance ->
    >>> Administrative Tools" and click on "Event Viewer".
    >>>
    >>> --
    >>> Al Jarvi (MS-MVP Windows Networking)
    >>>
    >>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    >>> The MS-MVP Program - http://mvp.support.microsoft.com
    >>> This posting is provided "AS IS" with no warranties, and confers no rights...
    >>>
    >>> "Toybreaker" <toybreaker at gmail dot com> wrote in message
    >>> news:053BBE00-AE37-4B6B-85B4-40FFB72C4B67@microsoft.com...
    >>> > Does RDC keep ANY logs at all. errors, connections made...recent connections?
    >>> > anything at all would be helpful as i have searched and can not find any as
    >>> > of yet.
    >>> >
    >>> > Thanks all!
    >>> > Toybreaker at gmail dot com
    >>> > --
    >>> > NEXT!!!
    >>>
    >>>
    >
  5. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    The Client does not write anything to the event logs when you attempt a
    connection. I wa hoping that there would be a .txt or .log file somewhere
    that kept that info. I have a hard time believing MS has an app that does
    track what you do. oh well..thanks for the info Al...much appreciated...i
    learned something!!

    "Sooner Al" wrote:

    > Misread your post...
    >
    > Hmmm... I have never tested on the client...:-)
    >
    > Perhaps you could test and report back. That would be a big help to others on this forum...
    >
    > --
    > Al Jarvi (MS-MVP Windows Networking)
    >
    > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > The MS-MVP Program - http://mvp.support.microsoft.com
    > This posting is provided "AS IS" with no warranties, and confers no rights...
    >
    > "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in message
    > news:O5VTRilqEHA.3728@TK2MSFTNGP09.phx.gbl...
    > > If you expand the properties for the 528 event and scroll down in the "Description" window and
    > > click on the "For more information" URL. The resulting windows lists the various logon types. You
    > > can test against that, noting the time for each login attempt using Remote Desktop, by providing
    > > wrong passwords for example to see now logging works... Of course this presumes you setup the
    > > audit policy to also log failures...
    > >
    > > --
    > > Al Jarvi (MS-MVP Windows Networking)
    > >
    > > Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > > The MS-MVP Program - http://mvp.support.microsoft.com
    > > This posting is provided "AS IS" with no warranties, and confers no rights...
    > >
    > > "Toybreaker" <toybreaker at gmail dot com> wrote in message
    > > news:782A9A0F-E667-4328-BFA1-6CC25547A3AD@microsoft.com...
    > >> Thanks for the info. I tested it and found the event. So a 528 with a logon
    > >> type of 10 will always be a RDC or TS logon? What i need to know is if the
    > >> client keeps any logs of attempted connection whether succesful or failures.
    > >>
    > >> "Sooner Al" wrote:
    > >>
    > >>> Look in the Event Log (Security) for a Logon/Logoff Event 528. It should have a Logon Type 10...
    > >>>
    > >>> You can setup an Audit Policy using the Group Policy editor to log logon success and failures.
    > >>> Go
    > >>> to "Start -> Run" and type 'gpedit.msc' (without the quotes). Navigate to "Local Computer
    > >>> Policy ->
    > >>> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit
    > >>> Policies -> Audit logon events". Highlight and right-click and select properties. Configure as
    > >>> desired. Note, some folks have XP boxes setup to login without a password. Logging in
    > >>> without a password counts as a "failure". This results in the security log filling up very fast
    > >>> if
    > >>> you log failures and have a user without a password. I fell into that trap while testing a new
    > >>> XP
    > >>> Pro box once. The result is you can not login normally. Also note, not having a password is
    > >>> a potential and probable security risk.
    > >>>
    > >>> The event log can be viewed by going to "Start -> Control Panel -> Performance and
    > >>> Maintenance ->
    > >>> Administrative Tools" and click on "Event Viewer".
    > >>>
    > >>> --
    > >>> Al Jarvi (MS-MVP Windows Networking)
    > >>>
    > >>> Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    > >>> The MS-MVP Program - http://mvp.support.microsoft.com
    > >>> This posting is provided "AS IS" with no warranties, and confers no rights...
    > >>>
    > >>> "Toybreaker" <toybreaker at gmail dot com> wrote in message
    > >>> news:053BBE00-AE37-4B6B-85B4-40FFB72C4B67@microsoft.com...
    > >>> > Does RDC keep ANY logs at all. errors, connections made...recent connections?
    > >>> > anything at all would be helpful as i have searched and can not find any as
    > >>> > of yet.
    > >>> >
    > >>> > Thanks all!
    > >>> > Toybreaker at gmail dot com
    > >>> > --
    > >>> > NEXT!!!
    > >>>
    > >>>
    > >
    >
    >
  6. Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

    Toybreaker,

    I have this line in my logon.bat file. It writes a text
    file to the C drive (you can redirect it elsewhere) of
    all logons.
    echo %username% %clientname% %date% %time% >> c:\logon.txt
    Works for me.

    Scott


    >-----Original Message-----
    >The Client does not write anything to the event logs
    when you attempt a
    >connection. I wa hoping that there would be a .txt
    or .log file somewhere
    >that kept that info. I have a hard time believing MS has
    an app that does
    >track what you do. oh well..thanks for the info
    Al...much appreciated...i
    >learned something!!
    >
    >"Sooner Al" wrote:
    >
    >> Misread your post...
    >>
    >> Hmmm... I have never tested on the client...:-)
    >>
    >> Perhaps you could test and report back. That would be
    a big help to others on this forum...
    >>
    >> --
    >> Al Jarvi (MS-MVP Windows Networking)
    >>
    >> Please post *ALL* questions and replies to the news
    group for the mutual benefit of all of us...
    >> The MS-MVP Program - http://mvp.support.microsoft.com
    >> This posting is provided "AS IS" with no warranties,
    and confers no rights...
    >>
    >> "Sooner Al" <SoonerAl@somewhere.net.invalid> wrote in
    message
    >> news:O5VTRilqEHA.3728@TK2MSFTNGP09.phx.gbl...
    >> > If you expand the properties for the 528 event and
    scroll down in the "Description" window and
    >> > click on the "For more information" URL. The
    resulting windows lists the various logon types. You
    >> > can test against that, noting the time for each
    login attempt using Remote Desktop, by providing
    >> > wrong passwords for example to see now logging
    works... Of course this presumes you setup the
    >> > audit policy to also log failures...
    >> >
    >> > --
    >> > Al Jarvi (MS-MVP Windows Networking)
    >> >
    >> > Please post *ALL* questions and replies to the news
    group for the mutual benefit of all of us...
    >> > The MS-MVP Program - http://mvp.support.microsoft.com
    >> > This posting is provided "AS IS" with no warranties,
    and confers no rights...
    >> >
    >> > "Toybreaker" <toybreaker at gmail dot com> wrote in
    message
    >> > news:782A9A0F-E667-4328-BFA1-
    6CC25547A3AD@microsoft.com...
    >> >> Thanks for the info. I tested it and found the
    event. So a 528 with a logon
    >> >> type of 10 will always be a RDC or TS logon? What i
    need to know is if the
    >> >> client keeps any logs of attempted connection
    whether succesful or failures.
    >> >>
    >> >> "Sooner Al" wrote:
    >> >>
    >> >>> Look in the Event Log (Security) for a
    Logon/Logoff Event 528. It should have a Logon Type 10...
    >> >>>
    >> >>> You can setup an Audit Policy using the Group
    Policy editor to log logon success and failures.
    >> >>> Go
    >> >>> to "Start -> Run" and type 'gpedit.msc' (without
    the quotes). Navigate to "Local Computer
    >> >>> Policy ->
    >> >>> Computer Configuration -> Windows Settings ->
    Security Settings -> Local Policies -> Audit
    >> >>> Policies -> Audit logon events". Highlight and
    right-click and select properties. Configure as
    >> >>> desired. Note, some folks have XP boxes setup to
    login without a password. Logging in
    >> >>> without a password counts as a "failure". This
    results in the security log filling up very fast
    >> >>> if
    >> >>> you log failures and have a user without a
    password. I fell into that trap while testing a new
    >> >>> XP
    >> >>> Pro box once. The result is you can not login
    normally. Also note, not having a password is
    >> >>> a potential and probable security risk.
    >> >>>
    >> >>> The event log can be viewed by going to "Start ->
    Control Panel -> Performance and
    >> >>> Maintenance ->
    >> >>> Administrative Tools" and click on "Event Viewer".
    >> >>>
    >> >>> --
    >> >>> Al Jarvi (MS-MVP Windows Networking)
    >> >>>
    >> >>> Please post *ALL* questions and replies to the
    news group for the mutual benefit of all of us...
    >> >>> The MS-MVP Program -
    http://mvp.support.microsoft.com
    >> >>> This posting is provided "AS IS" with no
    warranties, and confers no rights...
    >> >>>
    >> >>> "Toybreaker" <toybreaker at gmail dot com> wrote
    in message
    >> >>> news:053BBE00-AE37-4B6B-85B4-
    40FFB72C4B67@microsoft.com...
    >> >>> > Does RDC keep ANY logs at all. errors,
    connections made...recent connections?
    >> >>> > anything at all would be helpful as i have
    searched and can not find any as
    >> >>> > of yet.
    >> >>> >
    >> >>> > Thanks all!
    >> >>> > Toybreaker at gmail dot com
    >> >>> > --
    >> >>> > NEXT!!!
    >> >>>
    >> >>>
    >> >
    >>
    >>
    >.
    >
Ask a new question

Read More

Remote Desktop Connection Microsoft Windows XP