I know there is the win10 event application to view recent logins, but is there a login history log file I can monitor or retrieve on Windows 10?
Asked
Active
Viewed 43 times
0
-
[Windows RDP-Related Event Logs](https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/) has some good info. – gowenfawr Feb 27 '21 at 17:20
-
If you want to monitor things on Windows you should be looking at using Powershell to inspect the logs and reporting as needed. – Zoredache Feb 28 '21 at 00:11
-
Does this answers your question? https://serverfault.com/a/1048734/318166 – Swisstone Mar 01 '21 at 15:24
1 Answers
1
Yes, It is possible, But you need to advanced level forensic and OS knowledge to retrieve details. Best thing to do is enable login auditing and send all details to centralized log server like syslog or SIEM. Because forensic data may not be complete in some-times.
In addition to that you can use RDP management and monitoring tool such as rdpsoft. It will provide complete and clear data about all rdp connectivity. But this product is not effective one single computer. Network based RDP monitoring can achieve by remote monitoring and managing tool.
Even in network you can use firewall to identify user connection establishment and disconnection.
serverAdmin123
- 230
- 3
- 18