Re: Terminal server log
"Piet van Dongen" <piet_van_dongen@hotmail.com> schreef in bericht news:7F377F22-6008-43AD-A6A9-5BA5D7DFE1C6@microsoft.com...
Hi,
You can then filter the logon events in the security eventlog "logon type 10 RemoteInteractive" => A user logged on to this computer remotely using Terminal Services or Remote Desktop.
Below here the complete list of the different logon types...
Logon typeLogon titleDescription
2InteractiveA user logged on to this computer.
3NetworkA user or computer logged on to this computer from the network.
4BatchThe batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.
5ServiceA service was started by the Service Control Manager.
7UnlockThis workstation was unlocked.
8NetworkCleartextA user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext).
9NewCredentialsA caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.
10RemoteInteractiveA user logged on to this computer remotely using Terminal Services or Remote Desktop.
11CachedInteractiveA user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.
Regards,
_____________________________
Piet van Dongen
MCSA, MCSE, MCTS, MCDBA, MCP
CCA, CCEA, CCSP
RPFCP, RWCP, RCP
_____________________________
"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> schreef in bericht news:Xns9A6BA30087315veranoesthemutforsse@207.46.248.16...
> The only place where you can see this is in the Security EventLog, if
> you have enabled auditing of logon and logoff events.
>
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> RedFoxy <redfoxy.nospam@redfoxy.it> wrote on 24 mar 2008 in
> microsoft.public.windows.terminal_services:
>
>> Hi all!
>> I need to know if a windows 2003 SBS (the full version with SQL
>> not the standard version) logs Terminal server connections and
>> where are the logs, i need to know the ip address of a
>> connection by terminal server and if is possible, what they do
>> like data transfer and similar, I'm reading the event log of
>> windows, but i don't foun anything of strange, i found only some
>> try of a terminal server connection that try to connect some
>> printers that server don't know and it haven't the right
>> drivers... The windows 2003 server SBS is just installed, i
>> haven't changed any policy about log on and terminal server and
>> windows have all windows updated.
>>
>> Thank's for all!