Home > IT Answers > Windows Server > Setup auditing on a terminal server
ITKE
16,745 pts.
 Setup auditing on a terminal server
Terminal Server, Terminal Monitor Program, Network Monitoring Tools, Network Monitor, Network monitoring, IP Address Authentication
How can I setup auditing on a terminal server to list all long in attempts and from what IP address they originated? We have a time sheet server and want to make sure where the users are logging in from.
ASKED: Jul 27, 2010  3:25 PM GMT
UPDATED: July 27, 2010  8:06:28 PM GMT
RELATED QUESTIONS
Aguacer0
8,120 pts.
Answer Wiki:
I would do the following things:

1) Setup & Configure a syslog server
2) Create a new GPO via Group Policy Management with these settings:
Computer Configuration -> Policies -> Window Settings -> Security Settings -> Local Policies -> Audit Policy
a) Enable "audit logon events" with success and if you want failure
3) Create a new OU called "Terminal Servers"
4) Move your Terminal Server to this OU
5) Assign this new GPO to this OU
6) Configure the syslog server to retrieve the logs from this terminal server
7) Now utilizing the syslog server's gui (fat client or browser), you should now see events.

Free Syslog Server: http://www.solarwinds.com/products/freetools/kiwi_syslog_server/
Last Wiki Answer Submitted:  Jul 27, 2010  8:06 PM (GMT)  by  Aguacer0   8,120 pts.
To see other answers submitted to the Answer Wiki View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _