Daily Weekly Monthly

Daily Shaarli

Previous day
All links of one day in a single page.
Next day

March 2, 2023

Tracking and Analyzing Remote Desktop Connection Logs in Windows | Windows OS Hub
thumbnail

In this article, we’ll describe how to get and audit the RDP connection logs in Windows. The RDP connection logs allow RDS terminal servers administrators to get information about which…

rdp
Note:

... evento 1149 logon vía RDP con PowerShell

$RDPAuths = Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational' -FilterXPath '<QueryList>
<Query Id="0">
<Select>*[System[EventID=1149]]</Select>
</Query>
</QueryList>'
[xml[]]$xml=$RDPAuths|Foreach{$_.ToXml()}
$EventData = Foreach ($event in $xml.Event)
{ New-Object PSObject -Property @{
TimeCreated = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm:ss K')
User = $event.UserData.EventXML.Param1
Domain = $event.UserData.EventXML.Param2
Client = $event.UserData.EventXML.Param3
}
} $EventData | FT
rdp powershell