    Please, does anybody know how to determine that a user is connected through RDP? I tried to check %sessionname%, but it does not work when the user is connected to the existing console session.

    Let me know.




    Re: Remote Desktop

    I think we need more information.

    I could tell you to open Task Manager and select the users tab but that would mean you would need to be logged on to the computer (I assume we're talking about XP Pro 'cause that's the forum we're in) and I'm certain you would know if you were using Remote Desktop or not.

    So, more info please.

    Also, be sure to read the rules (take a look at rule 4)

      Re: Remote Desktop

      If someone is connected through RDP the desktop will be locked
        Re: Remote Desktop


        I know that the desktop will be locked. I need to determine it, because we have evidence of our employees in our intranet, ok? (coming to/out of work) So I need to resolve whether the user is working from home or is in his office. That is my problem.




          Re: Remote Desktop

          What is your plan?
          - Do you want to check, per user or for a list of users, whether they are logged on and determine how they are logged on?
          - Or do you want to check that per computer or for a list of computers?
          - And from where, and with what kind of process, do you perform the check?
          - Or is it for forensic investigation? In that case the only possibilities you have are the logs (access server, domain controllers, ...).

          One of the possibilities you have to check the current users is to run a script periodically that writes a time log for all users or all computers from a list.
          Example of what a script can do: determining any logged-on user is possible by getting the "owner" of the explorer.exe process on the remote computer. To determine only the names of users that are logged on to the console at the office, you can use the properties of 'Win32_ComputerSystem' on the computer. When you compare these results you get the answers you need.
          strComputer = "name-of-the-client-computer"
          'This script expects only one session per computer,
          'so it can be used on Windows XP computers only!
          strUser = ""
          strSession = "No"
          Set objWMIService = GetObject("winmgmts:" _
              & "{impersonationLevel=impersonate}!\\" _
              & strComputer & "\root\cimv2")
          'Owner of the first explorer.exe process = the logged-on user (console or RDP)
          Set colProcesses = objWMIService.ExecQuery _
              ("Select * from Win32_Process where name = 'explorer.exe'")
          For Each objProcess in colProcesses
              Return = objProcess.GetOwnerSID(strSID)
              If Return = 0 Then
                 Set wmiSID = objWMIService.Get("Win32_SID.SID='" & strSID & "'")
                 strUser = wmiSID.ReferencedDomainName & "\" & wmiSID.AccountName
              End If
              Exit For
          Next
          'Win32_ComputerSystem.UserName holds only the user logged on at the console
          Set colComputer = objWMIService.ExecQuery _
              ("Select UserName from Win32_ComputerSystem")
          For Each objComputer in colComputer
              strSession = "RDP"
              If objComputer.UserName = strUser Then strSession = "Console"
              If strUser = "" Then strSession = "No"
              Exit For
          Next
          Wscript.Echo "Time : " & date() & ", " & Time() & VBNewLine _
                       & "Computername : " & strComputer & VBNewLine _
                       & strSession & "-session : " & strUser

          A totally different and smarter approach is to query 'Audit logon events'.

          Where 'Logon type 2' = Interactive = A user logged on to this computer.
          and 'Logon type 10' = RemoteInteractive = A user logged on to this computer remotely using Terminal Services or Remote Desktop.
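
The audit-log approach from the last post, as an added example that is not part of the thread: it reads successful-logon events from the Security log over WMI and labels each as Console (type 2) or RDP (type 10). It assumes success auditing for 'Audit logon events' is enabled on the target, that the target logs the Windows XP / Server 2003 logon event ID 528 with the insertion-string order noted in the comments, and that the computer name is a placeholder.

```vbscript
' Added example, not code from the thread.
' Assumptions: "Audit logon events" (Success) is enabled on the target, and the
' target is Windows XP / Server 2003, where a successful logon is event ID 528.
Option Explicit
Const EVT_LOGON = 528
Dim strComputer, objWMIService, colEvents, objEvent, arrIns, strType, objTime

strComputer = "name-of-the-client-computer"   ' placeholder

' Reading the Security log through WMI requires the Security privilege.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")
Set objTime = CreateObject("WbemScripting.SWbemDateTime")

Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'Security' " _
    & "And EventCode = " & EVT_LOGON)

For Each objEvent In colEvents
    arrIns = objEvent.InsertionStrings
    ' Event 528 insertion strings:
    '   0 = user name, 1 = domain, 2 = logon ID, 3 = logon type
    If IsArray(arrIns) Then
        If UBound(arrIns) >= 3 Then
            Select Case Trim(arrIns(3))
                Case "2"  : strType = "Console"   ' Interactive
                Case "10" : strType = "RDP"       ' RemoteInteractive
                Case Else : strType = ""          ' service, network, unlock, ...
            End Select
            If strType <> "" Then
                objTime.Value = objEvent.TimeGenerated   ' DMTF string -> date
                WScript.Echo objTime.GetVarDate(True) & vbTab & strType _
                    & vbTab & arrIns(1) & "\" & arrIns(0)
            End If
        End If
    End If
Next
```

On Windows Vista and later the successful-logon event ID is 4624 instead of 528; the logon type values 2 and 10 keep the same meaning.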


