Home > Software design >  RDP Logs Of Who I Have Connected To
RDP Logs Of Who I Have Connected To

Time:10-26

I would like a log of everyone with who I have connected in the past with RDP. I know this is possible as when I go to the start menu and type RDP there is a list of "Recent Connections" but I would like everyone who I have connected to.

CodePudding user response:

To log process activity you can use Windows Audit Service. Enable process tracking, object access then search for proper event records. But this service doesn't track network traffic. If client OS is Windows Server you could use Windows Filtering Platform.

Standard "Microsoft Remote Desktop client" creates registry subkeys in HKCU\SOFTWARE\Microsoft\Terminal Server Client\Servers while connecting to remote servers.

So just read subkeys to get server list (Powershell):

dir -recurse "HKCU:\SOFTWARE\Microsoft\Terminal Server Client\Servers"

To get last connection time value read proper subkey's timestamp using RegQueryInfoKey.

  • Related