Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.
Remote Desktop access monitoring
Name: iraheel Date: September 6, 2007 at 08:17:48 Pacific OS: Windows 2003 CPU/Ram: 512 Product: Intel P-IV
Comment:
I have a Server placed at a remote location we normally use Remote Desktop to access this server. Some other users also access this server with the same ID as we are using /console with RDC. Few days ago some files were removed from that server is there any way to find out who connected to that server and when these files were removed
Name: Curt R Date: September 6, 2007 at 09:02:19 Pacific
Reply:
If all users are using the same login information (ie: username/password) then no, there's no way to find out as your Event Viewer will always show the same username right.
You should always, always, always have separate accounts. I know one account is easier but you're experiencing the result right now. The only way you can find out for sure is if the person responsible owns up to what they did.....good luck with that. With separate accounts and the right auditing enabled, you could see who deleted files on a certain date and time.
Summary: I have a win 2003 SBS server, that is my first and only Domain controller in a new domain. now this new domain is being used only for remote desktop use. ill have one DC and then the clients will conn...
Summary: You can audit login events and filter for event 528 type 10. Use GPO to change audit for login events. Now as for the IP. That depends on if it is a local machine under the AD control or not. Otherwis...
Summary: I figured out why. Joelaptop was a member of domain users, but not a member of just plain USERS. so he wasnt able to access the account....since only USERS were on the remote desktop access group. ...
0 
