![]() ![]() You can check the following RD Gateway user connection events in the Microsoft-Windows-TerminalServices-Gateway event log: (Get-WinEvent -FilterHashTable | Select-Object $properties) -match $rdpusername $RDPAuths = Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' -FilterXPath '*]' You can list all RDP connection attempts with PowerShell: Enable the log filter for this event (right-click the log -> Filter Current Log -> EventId 1149). This log is located in “Applications and Services Logs -> Microsoft -> Windows -> Terminal-Services-RemoteConnectionManager > Operational”. If this event is found, it doesn’t mean that user authentication has been successful. It is the event with the EventID 1149 ( Remote Desktop Services: User authentication succeeded). ![]() Network Connection – establishing a network connection to a server from the user’s RDP client. Consider the main stages of RDP connection and related events in the Event Viewer, which may be of interest to the administrator When a user connects to a Remote Desktop-enabled or RDS host, information about these events is stored in the Event Viewer logs ( eventvwr.msc). RDP Connection Events in Windows Event Viewer The article is applicable when analyzing RDP logs for both Windows Server 2022/2019/2016/2012R2 and to desktop editions (Windows 11, 10, and 8.1).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |