0

Really looking for some ideas (ideally nothing 3rd party based) that we could implement to monitor when users log in to a Terminal Server (and log off if possible) so we can monitor activity.

Thanks!

PnP

1 Answer

1

What, exactly, do you mean by "monitor activity"? What are you looking to actually do?

Assuming you enable success auditing of Logon / Logoff events, the Event Log will contain events (IDs and sources dependent on the version of Windows you're using) each time a successful logon or logoff occurs. The product can produce that log "stock" without any third-party add-ons. At that point, it's just a matter of parsing the event log or forwarding it to whatever log analysis system you want to use. The sky's the limit once you're parsing the event log: whatever alerting capabilities your monitoring system has become available.

Evan Anderson
  • I should have been more explicit in my comment. The Event log (once auditing is configured) will contain entries for logon and logoff events and it is possible to create an email action in W2K8, W2K8R2 and W2K12 on the appropriate Event log entries, but that doesn't strike me as being very manageable or useful. The key is going to be using a third party tool that can collect, aggregate, display and take action on the Events. – joeqwerty Jul 13 '13 at 13:40
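
The event log parsing described in the answer above, as an added example that is not part of the original thread. It assumes Windows Server 2008 or later, where the Security log records logons as event 4624 and logoffs as 4634/4647, and it keeps only logon type 10 (RemoteInteractive); the function name `Get-RdpSession` is hypothetical.

```powershell
# Added example: pair Terminal Server (RDP) logons with logoffs from the Security log.
# Assumes Windows Server 2008 or later (event IDs 4624/4634/4647) and that
# success auditing of Logon/Logoff is enabled. Run from an elevated prompt.
function Get-RdpSession {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1)
    )

    $filter = @{ LogName = 'Security'; Id = 4624, 4634, 4647; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated

    $open = @{}   # TargetLogonId -> session object still waiting for its logoff
    foreach ($e in $events) {
        # Flatten <EventData><Data Name="..."> into a name/value table.
        $d = @{}
        foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        $key = $d['TargetLogonId']
        if ($e.Id -eq 4624) {
            # LogonType 10 = RemoteInteractive (Terminal Services / RDP).
            if ($d['LogonType'] -ne '10') { continue }
            $open[$key] = [pscustomobject]@{
                User     = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
                SourceIp = $d['IpAddress']
                LogonId  = $key
                Logon    = $e.TimeCreated
                Logoff   = $null
                Duration = $null
            }
        }
        elseif ($open.ContainsKey($key)) {
            # 4647 (user-initiated logoff) or 4634 (logon session destroyed).
            $s = $open[$key]
            $s.Logoff   = $e.TimeCreated
            $s.Duration = $e.TimeCreated - $s.Logon
            $open.Remove($key)
            $s
        }
    }
    # Sessions with no logoff yet: still active, or the logoff falls outside the window.
    $open.Values
}

Get-RdpSession -Since (Get-Date).AddDays(-7) |
    Sort-Object Logon | Format-Table User, SourceIp, Logon, Logoff, Duration -AutoSize
```

Disconnects and reconnects to an existing session are logged separately (events 4779 and 4778), so a session that is disconnected without logging off stays open in this output.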