Remote-access Guide

how to track remote access server 2008 terminal server

by Isaiah Lakin Published 2 years ago Updated 2 years ago

To monitor remote client activity and status: in Server Manager, click Tools, and then click Remote Access Management. Click REPORTING to navigate to Remote Access Reporting in the Remote Access Management Console.

Full Answer

How do I add the Terminal Services role to Windows Server 2008?

You will need to import the root CA certificate it generates into any client computers by clicking the Certificates button on the Content tab of the Internet Options dialog box and then importing the certificate into the list of Trusted Root Certification Authorities. To add the Terminal Services Role to Windows Server 2008, follow these steps:

How do I monitor the status of remote access users?

Click REPORTING to navigate to Remote Access Reporting in the Remote Access Management Console. Click Remote Client Status to navigate to the remote client activity and status user interface in the Remote Access Management Console. You will see the list of users who are connected to the Remote Access server and detailed statistics about them.

What are terminal services remoteapps?

Today's topic is Terminal Services RemoteApps, a new feature in Windows Server 2008. RemoteApps are programs accessed remotely through Terminal Services, and appear as though they are running locally on the user's machine.

What is a remote desktop server?

The Remote Desktop server could be any Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008 computer with Remote Desktop enabled. It could also be any version of Terminal Server. Because clients use HTTPS to connect to the TS Gateway, the TS Gateway will need an SSL certificate — just like an electronic-commerce Web server.


How do I track an RDP session?

Every time a user successfully connects remotely, an event is recorded in the event log. To view this remote desktop activity log, open the Event Viewer and go to Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Operational.

Can Remote Desktop be tracked?

Yes, they can, and they can see everything you see. It's called shadowing, and can be done through Terminal Services Manager.

How can I tell who is connected to a terminal server?

Just open the Users tab in Task Manager. You'll get a full list of user sessions, their states, and running processes. Also you can log them off through the right-click menu.

How can I monitor server remotely?

To monitor the Remote Access server operations status: in Server Manager, click Tools, and then click Remote Access Management. Click DASHBOARD to navigate to Remote Access Reporting in the Remote Access Management Console. On the monitoring dashboard, notice the Operations Status tile within the Server Status tile.

Can websites detect remote access?

No, they cannot.

How can I tell who is accessing my remote desktop?

The easiest way to determine who has access to a particular Windows machine is to go into Computer Management (compmgmt.msc) and look in Local Users and Groups. Check the Administrators group and the Remote Desktop Users group to see who belongs to these.

How do I view remote history?

In the Windows Tools section, click Remote Control. Click. against the name of a computer to view its remote-control history.

What is remote server monitoring?

Server monitoring is the process of tracking server resources and metrics. This can help you ensure systems are working properly, monitor server performance, better understand how your resources are being used, and improve end-user experience.

Which is the best monitoring tool for servers?

Best monitoring tools for servers: SolarWinds Server & Application Manager, Dynatrace, Datadog, New Relic, ManageEngine OpManager, AppDynamics, Sensu Go, Nagios XI. Nagios XI is a comprehensive software for monitoring enterprise servers and networks.

Can Chrome remote desktop be tracked?

No. The Chrome browser HTTP request and the Chrome RDP session are two separate things. The browser might send the browser user agent in the header but not the way you are connected to your device.

How safe is remote desktop over Internet?

How secure is Windows Remote Desktop? Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP.

What is RDPinit.exe?

An instance of RDPINIT.EXE runs on the Terminal Server for each user's RemoteApp session. RDPINIT.EXE is loaded by USERINIT.EXE as a RemoteApp-specific implementation of USERINIT.EXE. RDPINIT.EXE acts as a watchdog to launch RDPSHELL.EXE and monitor process startup and shutdown. RDPSHELL.EXE is the shell that is used instead of EXPLORER.EXE to provide RemoteApp functionality. RDPINIT.EXE monitors the process lifecycle of RDPSHELL.EXE and restarts it in the event that it abnormally terminates. RDPSHELL.EXE loads a set of Windows event hooks onto each user desktop in the session. These event hooks allow RDPSHELL.EXE to monitor the state of all windows on the desktop. The interaction between these components is shown below:

What is remote app in Windows Server 2008?

Welcome to the twenty-second day of our series. Only a few more days until Launch Day. We'll be sticking with Terminal Services through the end of our series. Today's topic is Terminal Services RemoteApps, a new feature in Windows Server 2008. RemoteApps are programs accessed remotely through Terminal Services, and appear as though they are running locally on the user's machine. RemoteApps are seamlessly integrated with the client desktop, running in their own (resizable) window with their own taskbar entry. Users can run RemoteApp programs alongside their local programs. If a user is running multiple RemoteApp programs on the same Terminal Server, the RemoteApp programs share the same Terminal Services session.

What is a .rdp file?

The .RDP file and .MSI package contain the settings needed to connect to a Windows Server 2008 Terminal Server and run the RemoteApp program. After opening a RemoteApp program on their local system, the user can interact with the program as if it were installed and running locally. Icons that are associated with the Remote Application that would normally appear in the notification area of a user's Terminal Server session will appear in the notification area on the local system when a remote application session is active. For example - if you were using Microsoft Outlook as a Remote Application, new mail notifications and other pop-ups and application notifications would appear in the notification area as you would expect them to if the application were installed and running locally.

What programs can be run as remote apps?

OK - so what programs can be run as RemoteApps? Basically, any program that can run in a Terminal Services session or in a Remote Desktop session should be able to run as a Remote Application. The Remote Application feature is available to all platforms that support the new RDC 6.x client. There are different ways that a user can access a RemoteApp program - depending on how the program was deployed:

What happens when a remote application is terminated?

When a Remote Application is terminated, the process on the Terminal Server that is associated with that application is terminated. However, the Terminal Server session itself remains in a disconnected state until it is reset by an administrator or the Group Policy setting that defines the time limit for disconnected sessions to remain in that state.

What is client access license?

Client Access Licenses: Connecting to an RDS Server also requires licenses in the form of Per User or Per Device Client Access Licenses; this is what allows more than a single user to remote into the server. Although you will still need to purchase licenses, buying CALs is way cheaper than buying everyone a new Windows 7 license.

What is RDS server?

RDS, as it is abbreviated, allows you to have a powerful server that all your users connect to using the Remote Desktop Protocol (RDP). You can think of it as a computer that lots of people remote desktop into at the same time; however, they all have their own user session and desktop, and are completely unaware of each other.

How long do you have to use Remote Desktop Services before you need to purchase a CAL?

As I said before, you can skip this activation section and use Remote Desktop Services for 120 Days before you need to purchase a CAL. Once you have done this you will need to install your applications. However, you can't just install them in any fashion you want; there is actually a special method for installing applications on a Remote Desktop Server.

What is RDS per device?

RDS Per Device CAL – If your users share a common workstation this is the mode for you, the license is given to the device rather than the users, this way many people can connect from a single device. However, if they try to connect from a different device they will not be able to since their user account doesn’t have a license.

How to add roles to a server?

Open the Server Manager, right-click on Roles, and select Add Roles from the context menu.

Can you use RDS licenses per device?

The licenses you purchased can be used either as Per User or Per Device. It is purely up to you; however, if you already have an RDS Licensing Server you will have to choose the same option you chose when importing the licenses originally.

Do you need NLA to install a session host?

When you get to the application compatibility page, it tells you that you should install the Session Host Role before you install your applications. Just click Next, as we have not yet installed our applications. You are then asked if you want to require NLA. This will only allow Windows clients to connect to the Remote Desktop Session Host Server; in addition, they must be running a Remote Desktop Client that supports Network Level Authentication. I will go ahead and require NLA and then click Next.

How to monitor remote client activity?

To monitor remote client activity and status:

1. In Server Manager, click Tools, and then click Remote Access Management.
2. Click REPORTING to navigate to Remote Access Reporting in the Remote Access Management Console.
3. Click Remote Client Status to navigate to the remote client activity and status user interface in the Remote Access Management Console.
4. You will see the list of users who are connected to the Remote Access server and detailed statistics about them. Click the first row in the list that corresponds to a client. When you select a row, the remote user activity is shown in the preview pane.

What is the management console on a remote access server?

You can use the management console on the Remote Access server to monitor remote client activity and status.

What to do if you can't complete a task?

If you cannot complete a task while you are signed in with an account that is a member of the Administrators group, try performing the task while you are signed in with an account that is a member of the Domain Admins group.

What is IPv4 or IPv6?

DirectAccess or VPN. If DirectAccess is selected, all remote users who are connected by using DirectAccess are listed. If VPN is selected, all remote users who are connected by using VPN are listed. ISP address. The IPv4 or IPv6 address of the remote user.

Can user statistics be filtered?

The user statistics can be filtered, based on criteria selections, by using the fields in the following table.

What is the problem with event logs?

The problem with the event logs mentioned by Andy above is that they are not very clear or descriptive as to who's doing what... at least in a malicious sense. You can find IP addresses, but then it's hard to tell if they are related to all the unsuccessful login attempts. So, another tool other than the inherent logs seems almost mandatory if your server is internet facing and you have any concerns about security.


How to view remote session in AD?

You can set any user account in AD for remote control to view or interact with a user's session by going to the Users tab in Task Manager, right-clicking and selecting 'Remote Control'. You can then view their session.

What to do if you go to a third party vendor?

If you go third party, make sure you evaluate several and get price quotes from each vendor ... there is a huge discrepancy in price - some vendors price per named user, some per concurrent user, and some simply by server. Make sure also that the solution comes with its own database or a lite version of SQL - otherwise you'll get hit with database license costs as well.

Can you use a remote desktop gateway?

You can also use a Remote Desktop Gateway and configure auditing that logs which users are accessing which internal resources via RDP. Some additional information is available here.

Where to find session logs?

Date/Timestamped/IP/UserName etc. You can also look under Applications and Services Logs\Microsoft\Windows\TerminalServices-RemoteConnectionManager

What does 9009 mean in RDP?

The event with the EventID 9009 (The Desktop Window Manager has exited with code <X>) in the System log means that a user has initiated logoff from the RDP session and that both the window and the graphic shell of the user have been terminated.

What is logoff in Windows?

Logoff refers to the user logoff from the system. It is logged as the event with the EventID 23 (Remote Desktop Services: Session logoff succeeded) in “Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-LocalSessionManager -> Operational”.

What is EventID 4778?

The event with the EventID 4778 in the Windows -> Security log (A session was reconnected to a Window Station) means that a user has reconnected to an RDP session (the user is assigned a new LogonID).

What is a network connection?

Network Connection is the establishment of a network connection to a server from a user RDP client. It is the event with the EventID 1149 (Remote Desktop Services: User authentication succeeded). If this event is found, it doesn’t mean that user authentication has been successful. This log is located in “Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-RemoteConnectionManager -> Operational”. Enable the log filter for this event (right-click the log -> Filter Current Log -> EventId 1149).

How to check RDP logs?

You can check the RDP connection logs using Windows Event Viewer (eventvwr.msc). Windows logs contain a lot of data, and it is quite difficult to find the event you need. When a user remotely connects to the remote desktop of RDS (RDP), a number of events appear in the Windows Event Viewer. There are several different logs where you can find the information about Remote Desktop connections. We’ll look at the logs and events on the main stages of an RDP connection that may be of interest to the administrator:

What does event ID 21 mean?

The event with the EventID 21 (Remote Desktop Services: Shell start notification received) means that the Explorer shell has been successfully started (the desktop appears in the user’s RDP session).
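The events described above (1149, 21, 23 and 4778) can be pulled from their three logs into one timeline instead of being filtered one at a time in Event Viewer. The script below is an added example, not part of the original page: the function name `Get-RdpTimeline` is hypothetical, it assumes PowerShell 2.0 or later (for `Get-WinEvent`), and the event field names it reads are assumptions to verify against the event XML on your own build.

```powershell
# Added example (not from the original page). Run elevated: the Security log is admin-only.
# Get-RdpTimeline is a hypothetical name; the XML field names below are assumptions.
$rcm   = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
$lsm   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
$stage = @{ 1149 = 'Network connection'; 21 = 'Shell start'; 23 = 'Logoff'; 4778 = 'Reconnect' }

function Get-RdpTimeline {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $filters = @(
        @{ LogName = $rcm;       Id = 1149;   StartTime = $Since },
        @{ LogName = $lsm;       Id = 21, 23; StartTime = $Since },
        @{ LogName = 'Security'; Id = 4778;   StartTime = $Since }
    )
    $events = foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
    }
    $events | Where-Object { $_ } | ForEach-Object {
        $e = $_; $x = ([xml]$e.ToXml()).Event
        switch ($e.Id) {
            1149 {  # assumed layout: Param1 = user, Param2 = domain, Param3 = source address
                $u = $x.UserData.EventXML
                $user = ('{0}\{1}' -f $u.Param2, $u.Param1).TrimStart('\'); $addr = $u.Param3
            }
            4778 {  # assumed layout: named <Data> elements under EventData
                $d = @{}; $x.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
                $user = '{0}\{1}' -f $d['AccountDomain'], $d['AccountName']; $addr = $d['ClientAddress']
            }
            default {  # 21 and 23: assumed layout has User and (for 21) Address
                $u = $x.UserData.EventXML; $user = $u.User; $addr = $u.Address
            }
        }
        New-Object PSObject -Property @{
            Time = $e.TimeCreated; Id = $e.Id; Stage = $stage[$e.Id]; User = $user; Address = $addr
        }
    } | Sort-Object Time
}

$timeline = Get-RdpTimeline
$timeline | Format-Table Time, Id, Stage, User, Address -AutoSize

# 1149 alone does not prove a logon: count, per source address, the 1149 events whose
# account never produced a shell start (21) in the same window. -notcontains ignores case.
$started = $timeline | Where-Object { $_.Id -eq 21 } | ForEach-Object { $_.User }
$timeline | Where-Object { $_.Id -eq 1149 -and $started -notcontains $_.User } |
    Group-Object Address | Sort-Object Count -Descending | Select-Object Count, Name
```

Accounts logged without a domain in 1149 will not match the `DOMAIN\user` form in event 21, so treat the second table as a list of addresses to review rather than as confirmed failed logons.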

What does the RDP session ID return?

The command returns the session ID (ID), the user name (USERNAME) and the session state (Active/Disconnect). It is convenient to use this command when you need to get the ID of the user RDP session in case a shadow connection is used.

Windows Server 2008 Terminal Services: Changes of remote administration mode

There are several changes in Windows Server 2008 with regard to the way Terminal Services work in remote administration mode. Some are enhancements; at least one is a change for the worse. This post summarizes the most important changes.
