none
Is there a log file for RDP connections?

    Question

  • Hello,

    I need to know WHO (IP Address) and WHEN accessed my computer (with remote desktop). is there any log file ? (Windows 7)

    Regards


    -- Mreza

    Saturday, June 16, 2012 5:32 PM

Answers

  • Also take a look here.

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, June 16, 2012 6:57 PM

All replies

  • You could turn on some auditing.

    http://technet.microsoft.com/en-us/library/dd772658(v=ws.10)

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, June 16, 2012 6:14 PM
  • Thanks for reply. but i think your link is broken!

    Actually there is a computer in front of my eyes, and someone thinks someone else accessed to this computer via Remote Desktop. Is there any log file?

    Can I use Event viewer (Windows Logs > Application) to prove someone had access to this computer on specific time (with remote desktop connection).


    -- Mreza

    Saturday, June 16, 2012 6:38 PM
  • Try this one.

    http://technet.microsoft.com/en-us/library/dd772704(v=WS.10).aspx

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, June 16, 2012 6:41 PM
  • Also take a look here.

     

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, June 16, 2012 6:57 PM
  • Thank you very much!


    -- Mreza

    Saturday, June 16, 2012 7:10 PM
  • You're welcome.

     

     


    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, June 16, 2012 7:22 PM
  • Hello.

    Is there any similar log in WinXP?

    Monday, September 30, 2013 7:45 AM
  • Hello.

    Is there any similar log in WinXP?

    No.

    For anyone interested, I've written a script that parses this log and outputs a friendly CSV.

    https://gallery.technet.microsoft.com/Remote-Desktop-Connection-3fe225cd

    Sample Output:




    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Thursday, April 9, 2015 2:52 AM
  • Thanks Mike! Working like a charm, and that saved me a lot of headaches, to easily get a simple but informative summary of RDP-sessions.
    Thursday, July 16, 2015 8:42 PM
  • Nice script Mike - thanks.
    Friday, June 10, 2016 10:47 AM
  • spot on, exactly what I was after!
    Thursday, April 20, 2017 9:19 AM
  • Hi Mike! This is the first script I ran in PowerShell. I just right clicked on the downloaded file and selected Run with PowerShell. How do I retrieve the csv output?
    Wednesday, October 11, 2017 5:38 PM
  • I guess you already found it, but in favor of those others who will read this thread later on:

    The csv file is saved to the current users desktop on the computer you run the script on.

    Monday, May 21, 2018 11:11 AM
  • Tnx Dave. this was very useful and helpful
    Saturday, May 26, 2018 12:46 PM
  • Hopefully I can get an answer. 

    I tried the script but in my output csv file, the ServerName column it lists all the servers I added in the script and not individually. i.e.

    ServerName                             IPAddress

    server01, server02, server03      10.1.0.10

    I would like it to look like this

     User         ServerName       IPAddress

      JohnA       Server01           10.1.25.10

      SueB       server02             10.1.33.10 

      JackJ       server03              10.1.28.10

      SueB        server01              10.1.33.10

    What am I doing wrong with the script, or can I not get this type of format with the script


    Update: never mind I figured it out.
    Wednesday, October 3, 2018 9:17 PM